skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

Over the last year, Ovum has seen that customers and vendors appear to be signaling that the security incident and event management (SIEM) platform might be in its last years of life. Among many transactions, HPE spun off ArcSight in 2016 to merge with MicroFocus, which at a minimum, suggests it is a very mature technology. Ovum does not therefore expect much growth in traditional SIEM technology, but does anticipate a flurry of activity to supplement and replace this now legacy technology.

Industry activity seems to indicate SIEM's end-of-life position

Ovum believes that enterprise customers and MSSPs view traditional SIEM platforms as not providing the security posture nirvana they had expected and have become part of the security tool exhaustion most CISOs are now dealing with.

It is unclear whether SIEM will become part of the security tool graveyard, or whether it will morph into some new expanded, open, next-generation security management platform. While vendors of new security tools are at pains to highlight that they can integrate with SIEM platforms, companies developing rival oversight and monitoring technologies, as well as several emerging MSPs, are attacking SIEM's value and functions. Many new security vendors and SPs are initially pitching their offerings as complementary to SIEM, but have plans (not so hidden) to replace it over time. New technology, including cloud-based security and advanced analytics with machine learning/AI, encourage customers to try new approaches, with and without SIEM in place.

Ovum’s research shows that the SIEM market is a mature enterprise technology segment, where most high-end target customers already have a SIEM platform. This makes it a market characterized by recurring/maintenance fees (this is what will have attracted Micro Focus to the ArcSight business), where customer wins typically mean ousting a rival.

The future seems limited for traditional SIEM, and the need of enterprise customers to know and maintain or improve their required security posture will create alternatives to the use of a singular technology such as SIEM as the long-term solution. Future platforms will need to be open, fully integrated with third parties, and cloud-aware, if not fully cloud-based.

Appendix

Author

Mike Sapien, Chief Analyst, Enterprise Services

mike.sapien@ovum.com

Rik Turner, Principal Analyst, Infrastructure Solutions

rik.turner@ovum.com

Recommended Articles

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316


Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now