We believe this report also helps confirm the power and value of the Fortinet ecosystem and the advantages of leveraging FortiSIEM as the security intelligence layer for any organization that has invested in the Fortinet Security Fabric. And these advantages are even stronger now that the FortiInsight AI engine and endpoint telemetry collectors have been embedded into the FortiSIEM solution, enabling significant advances in User and Entity Behavior Analytics.
2021 Gartner Magic Quadrant for Security Information and Event Management
According to Gartner, "Security and risk management leaders increasingly want SIEM solutions with attack detection, investigation, response and compliance capabilities, but must balance this desire with an understanding of the resources needed to run such solutions."
As captured so succinctly in the lead-off sentence of this year's report, SIEM vendors are now engaged in an arms race to offer continuous advances in sophisticated security analytics and automation, while at the same time, the overall market is in a transition towards outsourced services. This is the result of an increasing percentage of SIEM buyers concluding that they may ultimately be better served by outsourcing some portion of their security operations rather than continuing to handle everything in-house.
These competing forces, in-house operations and managed services, are driving changes that are ultimately hugely beneficial for most buyers:
- For those Enterprise buyers ready to double down on their security operations team, but who also want to outsource some (or all) of their platform management, advances on several fronts are making this possible:
  - Machine learning, such as the ability to profile the normal behavior of users, systems, and networks and then alert on anomalous behaviors, is catching earlier indicators of pre-breach activities
  - New frameworks, such as MITRE ATT&CK, are providing more complete views of telemetry coverage (and gaps) as well as the ability to visualize potentially related events more easily in an attack chain
  - Most well-established SIEM vendors now have a variety of options deployable to the cloud
  - SaaS or hosted solutions are also directly available
- For those buyers ready to outsource all platform management, and some (or all) of their security operations function, there is also an exploding marketplace of managed security services providers (MSSPs) available. These range from relatively low-cost options with lightweight Managed Detection and Response (MDR) services to world-class teams with highly experienced analysts, fully integrated best-of-breed enterprise class products (including many covered in this report), and very mature and automated incident handling and response processes.
Unfortunately for many SIEM vendors, delivering products that can keep up with the demanding needs of the Enterprise is very different from what is required to keep up with the needs of managed security services providers. And the inability to keep up on both fronts is reflected in this report. SolarWinds, for example, has dropped out of the report completely for failing to meet new analytics-related requirements. And AT&T (AlienVault) is no longer included due to their decision to completely reposition their solution around service delivery.
Conversely, FortiSIEM is designed to vigorously serve both market segments with innovation and value, and we are grateful for the recognition of that and other efforts in this year's Gartner Magic Quadrant. FortiSIEM provides centralized visibility to help security teams better manage a variety of rapidly changing security, performance, and compliance needs. It provides industry-leading and patented threat detection that cross-correlates both network operations center (NOC) and security operations center (SOC) analytics in real time. This helps security teams better understand the greater context of their environment.
And FortiSIEM also natively supports multitenant architectures by reporting on separate network segments and virtual and logical environments. And all this can be managed and monitored through its unified console to reduce the time it takes to detect threats. Plus, its highly scalable design ensures that organizations can process ever-increasing volumes of log and event data without interruption.
FortiSIEM functions as the security intelligence layer of the Fortinet Security Fabric by integrating security monitoring and management from the endpoint, access layer, applications, network, data center, and cloud into a single, cooperative security solution. This enables it to deliver the adaptive visibility, control, and analysis required by even the most challenging SOC environments.
Read the 2021 Gartner Magic Quadrant for Security Information and Event Management report to see why Fortinet has been named a Visionary in this year's SIEM market at
Source: Communication Arts