Q1 Labs, RSA and Arcsight in a ‘SIEM Podcast Cage Match’
Actually the above title doesn’t really resemble the tone, temperament and topics discussed in this podcast.
Considering the highly competitive nature of the SIEM market, this debate among industry leaders was quite civilized – perhaps because two of us are English rugby players!
You’ll have to listen for yourself but there was certainly consistency on three key themes:
- Customer use cases are expanding as they seek to detect and respond to more complex threats like internal fraud. The SIEM use case has gone way beyond simply collecting ‘all the data’ to pass a PCI audit
- Customers are demanding greater automation and operational efficiency from the solutions they deploy. Gone are the days of putting up with ERP-like SIEM deployments
- Content is king! Customers are prioritizing out of the box content that actually works in their environment. It isn’t that services won’t be required for SIEMs going forward, it’s that customers should be spending $ on the ‘neck-up’ work they undertake to make the product sing in their environment, and that’s different from the services they have traditionally had to spend on: CPR to get their first gen SIEM deployment up and running.
Finally, RSA seems to be buying a lot of companies in order to satisfy today’s SIEM use cases ……how long will it take to integrate all these pieces?
Come on, allow me one cheap shot!