Splunk Named a Leader in Gartner 2014 Magic Quadrant for SIEM

Splunk Security Intelligence Platform Powers the Analytics-enabled Security Operations Center

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that it has been named a leader in Gartner’s 2014 Magic Quadrant* for Security Information and Event Management (SIEM). Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security, award-winning products used for security by thousands of organizations around the world.

As the report outlines, “We continue to see large companies that are re-evaluating SIEM vendors to replace SIEM technology associated with partial, marginal or failed deployments,” according to Gartner report authors Kelly Kavanagh, principal research analyst, Mark Nicolett, managing vice president, and Oliver Rochford, research director. “The greatest area of unmet need is effective targeted attack and breach detection. Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics. Most companies expand their initial SIEM deployments over a three-year period to include more event sources and greater use of real-time monitoring.”

“We believe Splunk’s position as a leader in the Magic Quadrant for SIEM reinforces the trend we are seeing that an analytics-enabled Security Operations Center (SOC) is essential and more effective at detecting and responding to today’s cyberthreats. Analytics provide the SOC and security team a holistic view by collecting, monitoring and analyzing all the data in an organization with rich enterprise and global threat context,” said Haiyan Song, vice president of security markets, Splunk. “Splunk customers are continuously transforming their operations by giving their SOC and security teams situational awareness and, more importantly, the ability to investigate and make determinations fast, which means more decisive and timely actions against attacks, advanced persistent threats, insider threats and other operational issues.”

Targeted, advanced attacks and insider threats can be detected and resolved using analytics of diverse data sets, but this data is challenging to bring into traditional SIEM deployments. Organizations use Splunk Enterprise and the Splunk App for Enterprise Security to create a security intelligence platform that leverages analytics to help find known and unknown, advanced threats. The Splunk App for Enterprise Security includes visualizations to identify anomalous behavior, a threat intelligence framework to organize and de-duplicate threat feed data and data models and a pivot interface to enable the fast creation of analytics. More than 175 security and compliance-specific apps are also available to help security teams quickly gain insights from industry-leading products from vendors including Cisco Systems, FireEye, Palo Alto Networks and more.

Gartner defines the SIEM Leaders quadrant as being, “composed of vendors that provide products that are a good functional match to general market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and have a relatively high viability rating (due to SIEM revenue or SIEM revenue in combination with revenue from other sources). In addition to providing technology that is a good match to current customer requirements, Leaders also show evidence of superior vision and execution for anticipated requirements. They typically have relatively high market share and/or strong revenue growth, and have demonstrated positive customer feedback for effective SIEM capabilities and related service and support.”