Has the security information and event management (SIEM) recipe finally caught on? That is what the 2022 edition of Gartner's Magic Quadrant for this market suggests, placing Microsoft and its cloud offering, Sentinel, on the top step of the podium.
Two other market players, Exabeam and Securonix, had already shaken up the seemingly unstoppable IBM (with QRadar) and Splunk by the 2021 edition of this Magic Quadrant. Microsoft was then placed only among the Visionaries. But Splunk had clearly sensed the tide turning: in July 2021, it announced its Security Cloud, a genuine answer to SIEM-as-a-service offerings, accompanied by an overhaul of a pricing approach that had long and widely been criticized. On the menu, therefore, are management and ingestion of log files, correlation, detection of behavioral anomalies, automation and orchestration of the response (SOAR), but also threat intelligence management with the technology of TruStar, whose acquisition had been announced at the end of May 2021.
This has clearly contributed to Splunk's rise in the esteem of Gartner's analysts: in the rankings, it is now ahead of Exabeam and Securonix in its ability to realize its vision, although it remains slightly behind the latter on the breadth of that vision.
However, when it comes to the ability to realize its vision, it is Microsoft that leads this year, far ahead of its competitors. Gartner notes that the vendor has succeeded in attracting both large accounts and small businesses. Perhaps because Microsoft's enterprise offer "includes usage credits for Sentinel and Defender". Enough to encourage customers to try them.
</gre_replace>
<gr_replace lines="5" cat="clarify" orig="But if Microsoft">
Although Microsoft only launched Sentinel in the fall of 2019, the vendor is moving fast. Gartner thus highlights an offering that is progressing rapidly. But it is also, as usual with this vendor, well suited to indirect sales through managed service providers. And that is without counting a "rich ecosystem of highly integrated security products".
But if Microsoft only opened Sentinel’s floodgates in the fall of 2019, the publisher is moving fast. Gartner thus underlines an offer which is progressing rapidly. But it is also – as usual with the publisher – suitable for indirect marketing, through managed service providers. And that’s not counting a “rich ecosystem of highly integrated security products”.
And Microsoft is clearly succeeding in winning them over. Very recently, Thales and Kudelski Security, one after the other, announced managed incident detection and response offerings based on Sentinel and Defender. Rubrik has just announced the integration of its data protection tools with Sentinel.
But Gartner's analysts are not without reservations. They warn of the difficulties "in understanding the true costs" of Sentinel, as well as the risk of "potential indirect captivity", especially since it is "difficult to compare Microsoft's native functions and prices with third-party integrations".