Trustwave, a leading provider of Managed Security Services, has been named a Representative Vendor in the Gartner® 2022 Market Guide for Managed SIEM Services.
In the report, Gartner analysts Al Price, John Collins, Andrew Davies, Mitchell Schneider, and Angel Berrios provide an updated definition of Managed SIEM Services along with how Managed SIEM, which is also known as a managed SoC or SoC as a service. Additionally, Gartner notes what organizations should look for when comparing the Managed SIEM Services that are currently available.
“Security, information, and event management is challenging to deploy, maintain, and staff. Managed SIEM services aid security and risk management leaders in the operations of their SIEM — allowing organizations to maintain ownership, personally operate the solution, and customize it to their needs,” the Market Guide stated.
Gartner defines a Managed SIEM vendor as one that provides managed security information and event management services, remote management, or monitoring of a client-owned SIEM solution. Services include management, ensuring a security system’s availability and performance, detection, content writing, and tuning (whether this is 24/7 or hybrid), off-hours security monitoring and alerting, and lightweight investigation of security issues.
There is a bright future for Managed SIEM providers and clients. As per Gartner, “Managed SIEM has a compelling adoption rate and increasing customer demand.”
In addition, Gartner notes, SIEM technologies are becoming more accessible, and more mid-maturity security buyers who have recently adopted a cloud-based IT posture are accelerating their adoption of the model to meet their growing security needs.
Gartner Managed SIEM Key Findings
- “SIEM is widely adopted by organizations with security that is mid-level in terms of maturity. These organizations are looking to own, deploy and utilize their security tool investments instead of utilizing shared service provider tools.”
- “Security teams have a wide range of complex responsibilities and benefits. Outsourcing certain elements of security delivery helps ease the workload of the security teams and provides resources so the team can focus on operational requirements.”
- “Buyers who have invested in SIEM technology use Managed SIEM services to derive more value. They can use Managed SIEM services to get assistance with decisions around strategy, architecture, maintenance, development, or support. This approach leads to better security operations results.”
- “Managed SIEM providers offer varying service levels and can cater to most buyers’ needs.”
Gartner Recommendations on How to Choose a Managed SIEM Product
The Gartner analysts recommend evaluating as many Managed SIEM models as possible and choosing the one that aligns best with the needs of the organization's security team, such as hours needed, augmenting the in-house team’s skill set, and reducing maintenance overhead.
Another important factor is that an organization must “select providers based on partner programs that your SIEM vendor operates.”
Trustwave’s Co-Managed SoC
Trustwave’s Co-Managed SoC service offers client threat detection services operating in conjunction with the client’s SIEM technology. The service ingests SIEM alerts from the client’s SIEM and processes the data through threat intelligence and threat-focused detectors. The team can then escalate this information by displaying it as a SIEM alert in the Trustwave Fusion platform. In addition, Trustwave analysts will review the threat findings and will access the client’s SIEM to investigate, with the aim of gaining more context from collected events and activity trends.
Trustwave can quickly onboard a client through its SIEM Jumpstart program. During this process, Trustwave:
- Will coordinate all client and Trustwave responsibilities, tasks, and status reports related to delivery of the feature
- Will guide and assist client in the transition to co-management of the SIEM Technology
- Will review SIEM use cases applicable to the client’s SIEM to tune the alert volumes relative to the client’s purchased capacity and licensing restrictions associated with the SIEM Technology of which Trustwave is made aware
- Will provide standard (non-custom) use cases and refine alerting and reporting
Gartner, Market Guide for Managed SIEM Services, Al Price, John Collins, Andrew Davies, Mitchell Schneider, Angel Berrios, 17 August 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.