Making Sense of the 2022 Gartner Critical Capabilities For SIEM

As organizations evaluate or re-evaluate what they need to improve their security operations, the SIEM must be a core part of that evaluation, especially as the category continues to evolve. To that end, Gartner has published the 2022 Gartner Critical Capabilities for SIEM report, which gives guidance on which vendors are best suited to an organization based on its requirements, size, and maturity. Read alongside the 2022 Gartner Magic Quadrant for SIEM, which looks at the broader market as well as product capabilities, the two reports are essential for navigating the crowded SIEM and confusing XDR landscape as you look to improve the time-to-value, accuracy and efficiency of your security operations in step with the evolving needs of your business and the threat landscape.

Gartner Use Cases (i.e., classes of buyers)

Gartner breaks SIEM down into three primary use cases:

  1. Out-of-the-Box SIEM Use Case
  2. Customizable SIEM Use Case
  3. Threat Detection, Investigation and Response Use Case

If you look at the three use cases, they are really built on the maturity and size of the organization. According to Gartner, when you first deploy a SIEM you should start with an Out-of-the-Box implementation. The focus is on common threat monitoring use cases, such as known ransomware and phishing attack scenarios, on meeting regulatory compliance requirements such as PCI DSS, and on aligning detection coverage with frameworks such as MITRE ATT&CK.

Then, as your security practice matures, you will want to add more customization and move to the Customizable SIEM use case. This means supporting more complex infrastructure, such as hybrid cloud architectures, ingesting more data sources, and writing more customized correlation rules and business-level reporting.

Finally, an organization, usually a larger one with a mature Security Operations Center (SOC), will look at the third use case and want to use its SIEM to build out an accurate and efficient Threat Detection, Investigation, and Response (TDIR) program. This is where the SIEM either includes additional capabilities or supports bi-directional integrations with solutions such as UEBA, XDR, Network Traffic Analysis (NTA), Identity and Access Analytics, Endpoint Analytics and SOAR, so that the SOC can build advanced customizations of analytical rules or even create new detection models and workflows. This is also where advanced threat hunting becomes part of the team's makeup.

Disrupting the Market Based on Innovation, Not Marketing Hype

When we talk about disrupting the market at Gurucul, we mean building capabilities and innovations that offer both a wide breadth of functionality to address teams of varying size and skill, and comprehensive features for security teams that need more advanced functionality. This requires introducing capabilities that deliver real customer value, free of marketing fluff, rather than building a feature that barely meets a checkbox. This approach has positioned Gurucul in the Top 3 for SIEM based on the 2022 Gartner Critical Capabilities for SIEM scoring across multiple "Use Cases".

While many other vendors claim pieces or surface level capabilities, Gurucul delivers security solutions based on industry trends, market dynamics, and requirements of organizations, as well as customer research performed by organizations like Gartner.

Gurucul Next Generation SIEM is available as part of our Security Analytics Platform. The platform is available as SaaS, on-premises, cloud-hosted, as a VM or in a container, and can support complex deployments across geographies and/or multi-cloud architectures.

Our platform is modular by design, so individual capabilities can be carved out or bundled. In addition to hundreds of integrations with leading vendors, we offer SOAR, XDR, UEBA, Identity and Access Analytics, Network Traffic Analysis (NTA), Endpoint Analytics, insider threat detection, medical device monitoring, a security data lake option, and even full case management.

Our focus has been on providing the widest breadth and depth of analytics along with a dynamic risk scoring engine that accelerates detection, prioritizes investigations, and gives security teams the context and risk prioritization they need to respond to attacks.

Addressing the Most Difficult and Destructive Attack Campaigns

We have developed a mature set of identity- and access-based threat detection and contextual capabilities that combine behavioral analytics with access rules and policies. With them we have been able to drastically improve TDIR for the classes of attack campaign that are hardest to identify and respond to rapidly: credential-based attacks, insider threats, and emerging/unknown attacks.
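To make the idea of combining a behavioral baseline with access policy and a risk score concrete, here is a small illustration of that pattern. It is an added example written for this page, not Gurucul's engine or any code from the Critical Capabilities report; the weights, the role-to-resource policy, the privileged-role multiplier and the authentication events are all constructed assumptions. It builds a per-user baseline (countries, hosts, hours) from historical events, scores new events by deviation from that baseline plus any access outside the user's role policy, and returns the events worth investigating first.

```python
"""Toy identity-aware risk scoring over authentication events.

Added example for illustration only (not Gurucul's engine). All data,
weights and policy below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical events: (user, timestamp, source country, host, resource)
HISTORY = [
    ("alice", "2022-09-01T09:12:00", "US", "wks-alice", "crm"),
    ("alice", "2022-09-02T10:30:00", "US", "wks-alice", "mail"),
    ("alice", "2022-09-06T14:05:00", "US", "wks-alice", "crm"),
    ("bob", "2022-09-01T08:45:00", "US", "wks-bob", "prod-db"),
    ("bob", "2022-09-03T13:20:00", "US", "wks-bob", "mail"),
]

# Constructed new events to score with the same field layout.
NEW_EVENTS = [
    ("alice", "2022-09-15T10:05:00", "US", "wks-alice", "crm"),      # normal
    ("alice", "2022-09-15T03:40:00", "RO", "vpn-gw-7", "prod-db"),   # credential misuse pattern
    ("bob", "2022-09-15T13:10:00", "US", "wks-bob", "prod-db"),      # normal, privileged
    ("bob", "2022-09-15T22:30:00", "DE", "wks-bob", "prod-db"),      # privileged, new geo, off-hours
    ("mallory", "2022-09-15T11:00:00", "US", "wks-mallory", "mail"),  # no baseline, out of policy
]

# Constructed access policy: role per user, allowed resources per role, privileged roles.
ROLES = {"alice": "sales", "bob": "dba", "mallory": "contractor"}
POLICY = {"sales": {"crm", "mail"}, "dba": {"prod-db", "mail"}, "contractor": {"wiki"}}
PRIVILEGED = {"dba"}


def build_baseline(events):
    """Collect, per user, the countries, hosts and hours seen in history."""
    baseline = defaultdict(lambda: {"countries": set(), "hosts": set(), "hours": set()})
    for user, ts, country, host, _resource in events:
        entry = baseline[user]
        entry["countries"].add(country)
        entry["hosts"].add(host)
        entry["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline


def score_event(event, baseline):
    """Return (risk 0-100, reasons): behavioral deviation plus access-policy context."""
    user, ts, country, host, resource = event
    hour = datetime.fromisoformat(ts).hour
    score, reasons = 0, []
    entry = baseline.get(user)
    if entry is None:
        score += 30
        reasons.append("no behavioral baseline for user")
    else:
        if country not in entry["countries"]:
            score += 25
            reasons.append(f"new source country {country}")
        if host not in entry["hosts"]:
            score += 15
            reasons.append(f"new host {host}")
        if hour not in entry["hours"]:
            score += 10
            reasons.append(f"unusual hour {hour:02d}")
    # Access-policy context: resource outside the role's allowed set is its own signal.
    role = ROLES.get(user)
    if resource not in POLICY.get(role, set()):
        score += 30
        reasons.append(f"access to {resource} outside policy for role {role!r}")
    # Privileged identities amplify whatever anomalies were found.
    if role in PRIVILEGED:
        score = int(score * 1.5)
        reasons.append("privileged role multiplier")
    return min(score, 100), reasons


def prioritize(events, baseline, threshold=40):
    """Score all events and return those at or above threshold, highest risk first."""
    scored = [(e, *score_event(e, baseline)) for e in events]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(e, s, r) for e, s, r in scored if s >= threshold]


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event, risk, why in prioritize(NEW_EVENTS, base):
        print(f"{risk:3d} {event[0]:8s} {event[1]} {', '.join(why)}")
```

The point of the example is the ordering: alice's 03:40 login from a new country and host to a database her role is not entitled to scores highest, the user with no baseline and an out-of-policy access comes next, and bob's in-policy but off-hours access from a new country is surfaced only because his role is privileged. A real engine would learn the weights and baselines rather than hard-code them, but the combination of behavioral deviation with identity and access context is the same.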
