Splunk leads way for SIEM, but significant obstacles hampering full SIEM benefits
A new report from 451 Research has Splunk leading the way for enterprise security information and event management, with its querying capability and ease of integrating new data feeds winning favour.
The Voice of the Enterprise: Information Security quarterly report shows more than 32% of enterprises named Splunk as their primary SIEM platform provider.
Intel Security garnered second place, based on evaluations from its 380 existing customers.
Daniel Kennedy, 451 Research information security research director, says SIEM solutions hold a lot of promise as the centralised solution for unlocking the secrets held in the logs of enterprise systems and marrying them with the use of threat intelligence.
That promise, however, comes at a cost, he says.
"SIEM solutions still retain a reputation for being difficult to set up, difficult to add new feeds to, and difficult to tune," Kennedy says. "That said, their value to the enterprise security manager is increasingly understood, and while many SIEM implementations may have started out as a compliance check mark, they have transcended those roots.
The Q4 Voice of the Enterprise: Information Security Vendor Window shows Splunk and Intel Security – previously McAfee – leading the charge on 451 Research's vendor promise and vendor fulfillment index, with both achieving high fulfillment and high promise – or, as 451 Research says 'underpromising and overdelivering'.
SolarWinds, HP and IBM make it onto the quadrant, showing 'high promise, low fulfilment'.
"The Vendor Promise Index is designed as a measure of perceptions of vendor's promise prior to actual product/service delivery and use," 451 Research says.
"The Vendor Fulfillment Index is designed as a measure of execution effectiveness criteria, which are related to the physical product/service delivery and customer experience of using the product or serivce.
The report also shows that spending on security remains strong, with 44% of enterprise security managers expecting to increase their budgets in the next 90 days. Just 4% expect to decrease security spending.
However, a lack of staff expertise (44.4%) and inadequate staffing (27.8%) are 'significant obstacles' in fully realising the benefits of SIEM, enterprises say.
When it comes to specific security concerns, 41% of respondents said 'hackers with malicious intent' were the top security concern in the past 90 days, followed by navigating complinace requirements, at 37%.