The well-established security information and event management (SIEM) market is poised for change. SIEM products are incorporating features from other products such as breach detection systems (BDS) and continuous forensic analytics (CFA) systems. Historically, SIEM products have focused on log and network event correlation and compliance reporting. They are also able to detect and report on anomalies in user behavior. Recent enhancements among market leaders include integration of threat intelligence feeds and other contextual information as well as improved offerings for incident forensics. These changes are giving a new lease on life to a market that some consider destined for extinction.
Many customers are choosing to outsource management of their SIEM products to managed security service providers (MSSPs), and SIEM vendors are responding by tailoring their offerings specifically toward MSSPs. This allows MSSPs to become security operations centers (SOCs) for their own customers, generate recurring revenue, and increase the availability of SIEM products for the mid-tier and for small to medium-sized businesses (SMBs).
Although the SIEM market is mature, it is still growing at a respectable rate of 10.5 percent and is expected to have a total addressable market of US$2,416 million between 2015 and 2019. While many SIEM products are seen as expensive, complex to configure and maintain, and of limited use, improved offerings and encouraging product roadmaps are changing this perception. As the availability of managed and cloud-based SIEM products increases, vendors should find adoption in a broader market.
Although it is plausible that an emerging technology such as CFA could replace SIEM, the ongoing need for compliance, the trend toward partnering with MSSPs, and the adoption or acquisition of CFA functionality all augur well for the future of SIEM technology. Don’t expect SIEM to disappear from the technological or market landscape any time soon.