Splunk Named a Leader in the 2026 IDC MarketScape for Worldwide SIEM

We’re thrilled to share that Splunk has been named a Leader in the IDC MarketScape: Worldwide SIEM 2026 Vendor Assessment (doc #US54126826e, June 2026).

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons.​

We believe this recognition is a testament to our commitment to delivering powerful, unified SOC experiences for the agentic era through Splunk Enterprise Security (ES). This comes on the heels of Cisco Live 2026, where we shared our recent innovations designed to address today's security needs, including:

• Advancing the agentic SOC with purpose-built agents to help reduce repetitive work and investigation friction, so security teams can act with greater speed, consistency, and confidence.
• Introducing new ES capabilities like Automated Threat Analysis (GA today) and Entity Analytics (GA coming)
• Broadening our partnership with AWS through Splunk Enterprise Security for AWS Security Hub Extended to further simplify and unify security operations across AWS, hybrid, and multi-cloud environments.

The IDC MarketScape report recognized specific strengths for Splunk, including:

• Splunk Enterprise Security Premier combines SIEM, SOAR, UEBA, and Attack Analyzer on a single work surface with shared case management and finding-based detections that group correlated events into one investigative view.
• Customers describe the Splunk community, including .conf, user groups, and Splunkbase, as a meaningful resource for peer learning and content sharing. Peer-developed content on Splunkbase and Splunk community forums helps customers build detections suited to their environment.
• The Splunk platform ingests security and operational telemetry on the same data plane, which helps it serve both security and IT teams, minimizing duplicate data ingestion.
• Splunk Enterprise Security runs as a self-managed deployment on Splunk Enterprise or as SaaS on Splunk Cloud Platform across AWS, Azure, and Google Cloud Platform. Decoupled compute and storage, SPL2 pipelines on Edge Processor and Ingest Processor, and federated search against Amazon S3 and Amazon Security Lake let customers choose where data resides without changing the analyst experience.

We’d like to extend a big thank you to our partners and customers; this wouldn't be possible without you! Our Splunk community is constantly showing what it means to adapt, innovate, and succeed in a security landscape that is fraught with change, and we’re honored to collaborate with you on your security journeys.

Read the Full 2026 IDC MarketScape for SIEM

Download your complimentary excerpt copy of the 2026 IDC MarketScape for SIEM today.

Common Questions: Splunk Enterprise Security