Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

New Webinar — register now:
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

In the Gartner 2016 Critical Capabilities for Security Information and Event Management (SIEM) report, Splunk scored the highest in all three use cases*: Basic Security Monitoring, Advanced Threat Detection, and Forensics and Incident Response.

In this report, each capability is then weighted in terms of its relative importance for specific product/service use cases.


SIEM technologies provide a set of common core capabilities that are needed for all basic security monitoring use cases. Other SIEM capabilities are more critical for the advanced threat detection or incident response and management use cases.

The eight critical capabilities used in the 2016 report to determine scores for the three use cases are:

  • Real-time monitoring
  • User monitoring
  • Deployment and support simplicity
  • Advanced threat defense
  • Advanced analytics
  • Data and application monitoring
  • Incident response and management
  • Business context and security intel

Splunk Enterprise Security as Your Security Nerve Center

Splunk’s security portfolio includes Splunk Enterprise Security (ES), which is an analytics-driven SIEM that is adopted by successful security operations teams for basic security monitoring, advanced threat detection, forensics and incident response use cases and more. SecOps teams make Splunk ES their security nerve center by leveraging all security relevant data that is collected across IT, security and the cloud.

Splunk ES is made up of five distinct frameworks that can each be leveraged independently to meet a wide range of security use cases, including the three common SIEM use cases identified in the Gartner 2016 Critical Capabilities for SIEM report.

As a customer or developer, you can use the out-of-the-box dashboards, searches and reports in Splunk ES, which are built using these frameworks, or you can use your own content to build custom solutions on top of them. These frameworks are not individual solutions; they are embedded within Splunk Enterprise Security.

Join my colleague Chris Shobert and me on Nov 17th as we walk you through and demo the five frameworks of Splunk ES, which will help you solve your security challenges.

Register now: Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM, Thursday, November 17, 9:00 A.M. PT.

We look forward to seeing you there!


Girish Bhat

*Gartner, Inc., Critical Capabilities for Security Information and Event Management, Oliver Rochford, Kelly M. Kavanagh, Toby Bussa. 10 August 2016. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available from Splunk.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
