The way we are dealing with the AX challenge is by ensuring that all those capabilities are provided by the platform in a unified, built-in rather than bolted-on manner. Our recently launched SOAR is the primary example of this approach. While other vendors still have their SOAR as a completely separate product, in a separate architecture and UI, our SOAR was designed as an extension of the capabilities of the SIEM from within. You can see it from the way we incorporate the execution and results of playbooks in the incidents view of the SIEM:
Figure 1: Launch SOAR playbooks from your SIEM platform.
This approach lets us provide a unified workflow that reduces context switching, dramatically improving the AX. Compare that to bolted-on alternatives, where analysts find themselves jumping from the SIEM to the SOAR UI and vice-versa when investigating and responding to incidents.
Our work to improve AX is not limited to SOAR. We have also introduced Securonix Investigate, which is focused on providing context to and improving collaboration for analysts performing incident investigations.
Finally, the Forrester report also mentions a top disruptor of the SA market. According to Forrester, it is the ability to run security analytics on top of independent data stores. Do you need an example of what an “independent data store” is? Snowflake. We believe so strongly this is indeed a top disruptor that we’ve been working with different “bring your own” models for data stores, such as Snowflake. How does our model work?
Figure 2: The Securonix + Snowflake Solution.
Our solution operates in a way where Securonix takes care of all steps that require “subject matter expertise” in threat detection and response. We leverage all the pre-built data ingestors, parsers and enrichment processes to bring data into Snowflake in the most efficient and valuable manner. Securonix also takes care of all threat detection content, including analytics models and threat intelligence, and we also provide case management and investigation capabilities that organizations would have to develop on their own when trying to leverage general purpose data lakes.
Leveraging a data store like Snowflake has enormous advantages. The most obvious is cost. Snowflake can offer virtually unlimited storage at a fraction of the price charged by other SIEM vendors. But that’s not the only advantage. As the solution leverages the customer’s own Snowflake account, the detached, open, and native multi-cloud data store provided by Snowflake allows organizations to break the silo of security data. Integrating it into their enterprise data architecture and enabling new use cases can multiply the value of data that is often underutilized when kept in a proprietary silo. Customers can not only use the data in different ways, but they also own it and retain control of it at all times. The architecture with an external data store brings a whole different level of independence from the security solution provider, avoiding the typical vendor lock-in that exists in this market.
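To make the "bring your own data store" pattern concrete, here is a small added illustration of the pipeline described above: ingest raw events, parse and enrich them, write them into a store the customer controls, and run detection content as plain SQL on top of it. This is example code written for this page, not Securonix's own code or the real Securonix + Snowflake integration. An in-memory SQLite database stands in for the Snowflake account, and the log format, table schema, threat-intel list and detection rule are all constructed assumptions.

```python
"""
Added illustration of the bring-your-own-data-store pattern.
Not Securonix's code: SQLite stands in for Snowflake, and the log format,
table schema, threat-intel feed and detection rule are constructed for
the example.
"""
import re
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample events (minimal SSH-style auth log); not real data.
RAW_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd: Failed password for alice from 203.0.113.7",
    "2024-05-01T10:00:05Z host1 sshd: Failed password for alice from 203.0.113.7",
    "2024-05-01T10:00:09Z host1 sshd: Failed password for alice from 203.0.113.7",
    "2024-05-01T10:00:15Z host1 sshd: Accepted password for alice from 203.0.113.7",
    "2024-05-01T10:01:00Z host2 sshd: Accepted publickey for bob from 198.51.100.5",
    "2024-05-01T10:02:00Z host2 sshd: Failed password for carol from 192.0.2.9",
    "this line is not an auth event and will be dropped",
]

# Constructed threat-intel feed standing in for the enrichment step.
THREAT_INTEL = {"203.0.113.7": "known-bruteforce-source"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"(?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>\S+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parser step: normalize one raw line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["outcome"] = "success" if ev["outcome"] == "Accepted" else "failure"
    return ev


def enrich(event: dict) -> dict:
    """Enrichment step: attach the threat-intel tag for the source IP (None if unknown)."""
    event["ti_tag"] = THREAT_INTEL.get(event["src_ip"])
    return event


def load_events(lines: List[str]) -> sqlite3.Connection:
    """Ingestion step: write normalized, enriched events into the stand-in data store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (ts TEXT, host TEXT, user TEXT, src_ip TEXT, "
        "method TEXT, outcome TEXT, ti_tag TEXT)"
    )
    rows = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are dropped; a production pipeline would dead-letter them
        ev = enrich(ev)
        rows.append((ev["ts"], ev["host"], ev["user"], ev["src_ip"],
                     ev["method"], ev["outcome"], ev["ti_tag"]))
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


# Detection content expressed as plain SQL so it runs wherever the data lives.
# Constructed rule: a user/source pair with >= 3 failures on a host followed by a success.
BRUTE_FORCE_THEN_SUCCESS_SQL = """
SELECT f.host, f.user, f.src_ip,
       COUNT(DISTINCT f.ts) AS failures,
       MIN(s.ts)            AS first_success,
       MAX(f.ti_tag)        AS ti_tag
FROM auth_events f
JOIN auth_events s
  ON s.host = f.host AND s.user = f.user AND s.src_ip = f.src_ip
 AND s.outcome = 'success' AND s.ts > f.ts
WHERE f.outcome = 'failure'
GROUP BY f.host, f.user, f.src_ip
HAVING COUNT(DISTINCT f.ts) >= 3
"""


def run_detection(conn: sqlite3.Connection) -> List[Tuple]:
    """Analytics step: run the rule; rows are (host, user, src_ip, failures, first_success, ti_tag)."""
    return conn.execute(BRUTE_FORCE_THEN_SUCCESS_SQL).fetchall()


def detect(lines: List[str]) -> List[Tuple]:
    """End-to-end: parse, enrich, store, then query."""
    return run_detection(load_events(lines))


if __name__ == "__main__":
    for hit in detect(RAW_LOGS):
        print(hit)
```

The point of the layout is that the vendor-specific parts (parsers, enrichment, detection rules) are separable from the storage: the SQL rule and the enriched table would work unchanged if the connection pointed at a warehouse the customer owns instead of the in-memory stand-in, which is what keeps the data reusable for other purposes and out of a proprietary silo.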
Our focus has not been only about getting our dot up to the right on a chart (well, we do that quite well too!) but about bringing real value to our customers by improving their experience. The alignment of our strategy and roadmap to Forrester’s vision for Security Analytics Platforms confirms how Securonix stays tuned to the evolution of threat detection and response requirements. With so many moving parts in a security program, a SIEM that is able to keep up with threats and evolving IT environments is not only a piece, but the cornerstone of a dependable and resilient security architecture.