Enterprise-class cybersecurity technology vendors must offer SIEM software, security analytics, and operations capabilities or have strong SIEM partners

Enterprises are changing their cybersecurity technology procurement habits: they are consolidating the number of cybersecurity vendors they do business with and purchasing security products designed for integration, according to ESG research. Eventually, CISOs will buy more products from fewer vendors, leading to the rise of a few enterprise-class cybersecurity technology vendors that dominate the space. These vendors will offer tightly integrated cybersecurity technology architectures that span applications, host systems, networks and cloud-based assets, with capabilities for threat analysis and investigations as well as prevention, detection and response.

Of course, security analytics and operations have long been the domain of security information and event management (SIEM) software. Does this mean SIEM must be part of an enterprise-class cybersecurity technology architecture? To find out, ESG asked a panel of 176 cybersecurity and IT professionals working at enterprise organizations (i.e., 1,000 employees or more) the following question: How important is a SIEM as part of an enterprise-class security architecture or platform? It turns out 48 percent say SIEM is a very important part of an enterprise-class security architecture, while 45 percent say it is important. Furthermore, 90 percent of respondents say offering a SIEM is really a requirement for any technology provider classified as a true enterprise-class cybersecurity vendor.

Here's my take on this data:

1. The ESG research suggests that enterprise cybersecurity tactics and strategy are increasingly driven by data analytics. In other words, enterprises are collecting, processing, analyzing and responding to more and more security data from a growing diversity of sources. Given that, SIEM and/or other security analytics tools assume a starring role in a hub-and-spoke architecture that extends from security analytics to policy management and enforcement controls deployed across the network.

2. The world of cybersecurity analytics and operations is in a state of innovative flux, and ESG believes individual capabilities will come together to form an integrated security operations and analytics platform architecture (SOAPA) over the next few years. Given that trend, enterprise-class cybersecurity vendors don't necessarily need a SIEM software offering. Instead, they need leading security analytics and operations tools, SOAPA reference architectures and strong SIEM partners.

3. SIEM functionality extends to other areas, such as threat intelligence analytics, network security analytics, EDR, UEBA, incident response automation and orchestration. Enterprise-class cybersecurity vendors will really have to play in all those areas with products of their own or with tight integration with products from ecosystem partners. There is also tremendous innovation happening in all areas of cybersecurity analytics and operations, so look for lots of M&A activity over the next 12 to 18 months. Additionally, look for continuing integration of open source technologies—HDFS, Spark, Elasticsearch, etc.

4. AlienVault and LogRhythm represent very attractive acquisition targets for vendors lacking a SIEM.

5. Every technology provider vying to become an enterprise-class cybersecurity technology vendor will partner with Splunk because of its existing enterprise installed base—even those that offer a SIEM of their own.

6. IBM and McAfee have a SIEM platform, making them well positioned to assume a role as enterprise-class cybersecurity technology vendors.

7. While SOAPA will take some time to become established in large enterprises, there is a tremendous opportunity for offering an end-to-end SOAPA portfolio (of products and services) to mid-market and small enterprise customers. Vendors such as Symantec and Trend Micro have a great opportunity here.

No one will coronate anyone as an enterprise-class cybersecurity technology vendor just because they offer a SIEM or work with leading SIEM providers. Rather, each and every vendor will have to earn this position with best-of-breed products, tight SOAPA integration, strong services, and a commitment to hold customers' hands during this transition. This effort will separate those truly committed to enterprise-class cybersecurity technology from those still slinging products and marketing rhetoric.