Radar Report
EMA Radar for Log-Based Security Analytics: Q2 2018
Date: 04/18/2018 Length: 48 pages Cost: $795.00

Cybersecurity as a discipline is a fast-paced, dynamic area. New and innovative attack methods are combined with old ones to create nearly infinite avenues of attack. Whether an attack is a single-packet compromise or a low-and-slow attack drawn out over many days, the defenders are responsible for identifying and stopping the attacks as soon as possible. It is that last phrase that is the issue. How fast is as fast as possible? Over the last few years, "as fast as possible" has not been nearly fast enough. Compromises can happen in hours, but identification may not take place for months to years.

It is this issue that drew innovators to try to figure out how to identify and respond to security incidents faster. The first challenge is being able to wade through the incessant and overwhelming noise of alerts and reduce them to a small trickle of real problems that can be clearly defined and addressed quickly.

Over the past several years, numerous startup companies were established to address this gap in analytics and visibility of real issues in the sea of alerts. Security analytics solutions were initially designed to perform one or more of three primary types of security-focused analytics: User and Entity Behavior Analytics (UEBA), Anomaly Detection, and Predictive Analytics. Since their inception, many of these analytics have merged, leaving only a thin line between a combined UEBA/Anomaly Detection and Predictive Analytics.

This report, part one of a two-part series, delves into the platforms, solutions, and products that supply log-based security analytics to security practitioners. Their express purpose is to provide practitioners with fewer, actionable alerts without the tuning side effects that can filter out alerts on actual threat activity. The report evaluates vendors across five major categories supported by over 100 KPIs. EMA evaluated, scored, and ranked each vendor under the same documented criteria. Each participating vendor has a profile that outlines the solution, including its strengths and weaknesses, in comparison to the other vendors evaluated. The report also documents key decision-making factors important to the buying process and ultimately depicts the vendors’ relationship to each other based on value vs. functionality.

Part two will follow the same methodology, but will focus on security analytics solutions that primarily rely on network-based data for analysis.

David Monahan, Former EMA Analyst

Other Contributor:

Paula Musich

