Gartner Security and Risk Management Summit: Security Intelligence and SIEM Hit the Big Time
Gartner held its annual Security and Risk Management Summit in Washington DC last week. This is always an excellent event to gauge the IT security market in general: according to Gartner, attendance was up from last year, with more sponsors, more attendees, and far more focus on targeted attacks. The headlines of the last twelve months confirm what we call the Year of the Breach.
More relevant to our patch, however: for the first time ever at this event, Security Intelligence and SIEM were called out during the opening keynote as "no longer nice to have but fundamental." SIEM and Security Intelligence have now been recognized across Gartner security for what we (and our customers) have known for years. More than three years ago, IBM developed the IBM Security Framework, and we positioned it to Gartner as the foundation of our go-to-market and development strategy. It is great to see this message corroborated at the analyst firm's top security event, which I learned is their 2nd largest event behind Symposium. This fact is further evidence of the elevation of IT security challenges and prioritization in the marketplace.
Some highlights from the Summit:
- "Gartner predicts the global spend on security services to exceed $49B by 2015."
- During a SWOT on our major competitor, the analyst listed this among that vendor's Threats: "IBM is becoming a security powerhouse."
- What IT event would be complete without discussions of Big Data? Security Intelligence's relevance to Big Data was prominent at the event:
Gartner definition: "Big Data is a class of information processing problem that, due to the volume, velocity, variety and complexity of the data, requires different approaches to support analytics to derive cost-effective, timely, business-relevant insight. However, Big Data in and of itself, is not our goal. Delivering risk-prioritized actionable insight is. To support the growing need for security analytics, changes in information security, people, technologies, integration methods and processes will be required, including security data warehousing and analytics capabilities, and an emerging role for security data analysts within leading edge enterprise information security organizations."
- Gartner also believes that a key driver of Security Intelligence is "the shift to context-aware security": "To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the time a security decision is made." Gartner elaborates that context should be obtained from a range of sources, mirroring our announcement earlier this year about integrating various sources from the IBM security portfolio such as network security (IBM Network IPS), endpoint security (IBM EM/BigFix), IAM (IBM Identity Manager), mobile application security (IBM Mobile AppScan), and content/data security (IBM Guardium), in addition to threat intelligence (IBM X-Force).
- Gartner also mentions the need to incorporate flow data: "Vendors ... such as IBM/Q1 Labs ... collect large amounts of network packets and/or flows to support the analysis for anomalous activities."
- And finally, collecting all that context doesn't help unless you can also create actionable intelligence via analytics: "Some, such as IBM's Q1 Labs with its QRadar, provide a form of security analytics on top of its SIEM repository, which is a good example of how we believe the vendors will evolve to deliver Security Intelligence."
We couldn't have said it any better.