person looking up and to the right

What is the Gartner Magic Quadrant SIEM?

Security Information and Event Management is an essential platform for all organizations to be aware of. Effectively, it refers to a collective platform for IT security, measuring risks, and scoring them appropriately so the organization can protect against incoming threats. The best way to be secure and protected is to have the ideal IT security systems set up. 

BitLyft AIR® SIEM Overview


A plethora of different software applications are available for you to download and implement in your organization. These applications provide you with security assurances and let you manage all the various elements of your cybersecurity practices. However, which ones are the best for your organization? 

It’s a crucial decision, and one of the ways to make your choice is by looking at the Gartner Magic Quadrant SIEM. If you’re unaware of what this is or why it’s so important, then allow us to explain everything in this guide. 

Gartner Magic Quadrant for Security Information and Event Management

The Gartner Magic Quadrant SIEM explained

Gartner, Inc. is a well-respected firm that carries out detailed analysis of different SIEM solutions from a variety of vendors. Each year, they compiled all of the data into a report known as the Gartner Magic Quadrant SIEM. 

Essentially, this quadrant looks at the top 17 SIEM vendors and weighs up all of the pros and cons that each one possesses. From here, they’re placed onto a graph that’s split into four quadrants: 

  • Challengers (top left)
  • Niche players (bottom left)
  • Leaders (top right)
  • Visionaries (bottom right)

The x and y-axis of the graph are also labeled. Along the bottom, you have Completeness of Vision, and going upwards to have Ability to Execute. So, each vendor is basically placed on this graph based on their completeness of vision and ability to execute. As such, they will end up somewhere in one of the four quadrants. 

Vendors in the bottom left quadrants are known as niche players in the SIEM market for this year. They’re the companies who offer products that perhaps don’t have a complete vision and can’t execute procedures on a high scale. As such, you tend to see vendors that perhaps cater to specific needs within the IT security industry, rather than ones that provide an all-round solution. 

By comparison, vendors that end up in the bottom right quadrant are seen as visionaries because they have a complete vision but perhaps lack the execution right now. So, they’re viewed as vendors to perhaps consider for the future. 

If a vendor is in the top left quadrant, then they’re challengers because they have a good vision and good execution. However, both things can still be improved, so they don’t quite make it to the very top as other vendors outperform them right now. 

Lastly, the top left quadrant is for the leaders because it means the vendor has a high ability to execute with a very complete vision. Ideally, the perfect score would leave a vendor right in the top right corner of the graph. 

When all 17 vendors have been plotted on the graph, you see it start to take shape. It’s easy to look at how each SIEM vendor shapes up against the rest, which helps organizations make more informed decisions. 

However, it’s important to note that the Gartner Magic Quadrant SIEM is for research purposes only. The aim is to show the capabilities of different vendors, not to recommend any to your organization. The final decision is up to you. 

How is the Gartner Magic Quadrant SIEM decided?

Gartner decides on the results based on a series of tests and statistics. They look at the service offered by each vendor, along with various market share criteria and reviews. In essence, they take everything into account to ensure a non-biased and well-rounded view is provided. 

Before any research and analysis take place, the first step is defining the SIEM marketplace. This definition has remained the same for a few years, and Gartner sees it as:

“The customer’s need to analyze event data in real-time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory concerns.”

Consequently, vendors must first fit into this definition if they’re to be considered for the Gartner Magic Quadrant SIEM. Furthermore, there is a list of criteria that must be met by each vendor: 

  1. SIEM revenue of $18 million or above
  2. Data capture support from heterogeneous data sources
  3. Available to customers as SAAS or a software-or-appliance-based product

If a vendor meets all of the different requirements, then they’re put up for consideration. In total, the most recent Gartner Magic Quadrant saw 17 vendors make the list. You can see each of them down below: 

  • BlackStratus (Niche Player)
  • ManageEngine (Niche Player)
  • AlienVault (Niche Player)
  • Dell Technologies (Leader)
  • Exabeam (Leader)
  • Fortinet (Niche Player)
  • LogPoint (Niche Player)
  • LogRhythm (Leader)
  • IBM (Leader)
  • Micro Focus (Challenger)
  • SolarWinds (Niche Player)
  • Netsurion-EventTracker (Niche Player)
  • McAfee (Leader)
  • VenusTech (Niche Player)
  • Splunk (Leader)
  • Securonix (Leader)
  • Rapid7 (Visionary)

Why is the Gartner Magic Quadrant SIEM important?

When this report is published, it brings together so much information on the best SIEM solutions out there. In turn, this helps organizations deal with things like threat detection, log management, and so on. Without a good SIEM vendor, you can’t boast a sound network security system. 

Therefore, the Gartner Magic Quadrant SIEM is vital as it provides the most detailed and unbiased view of the 17 best options out there. Companies can read the report and make their own conclusions based on what they deem is important to them. As a result, you end up with the ideal SIEM solution that caters to your needs – and you know you can trust it as it made the quadrant!

In summary, the Gartner Magic Quadrant SIEM is essentially a system used to review all the SIEM solutions out there. If you’re looking for the best SIEM tool, then you can use this report to help come to the right decision. It is released every year, and the most recent version for 2018 is available as you read this. 

BitLyft aims to provide you with a simple no-nonsense solution to keep your business safe from online threats. If you’d like to learn more, don’t hesitate to get in touch with us today to speak to one of our friendly representatives.  

We’ll help explain the services we offer and how they can be customized to your exact needs.

Gartner Magic Quadrant for Security Information and Event Management

Jason Miller

Jason Miller, Founder and CEO of BitLyft Cybersecurity, has dedicated his 20-year IT career, including co-founding SaaS pioneer Reviora, to removing cybersecurity barriers for mid-sized enterprises. Establishing BitLyft in 2016, Jason set out to unburden security teams with innovative, approachable, and affordable solutions, a vision which has made BitLyft a respected managed detection and response provider. Outside his cybersecurity pursuits, Jason is an avid tree farmer and outdoor enthusiast, planting nearly 300 trees on his ten-acre plot and finding joy in hiking, hunting, and driving his white Tesla Model 3. His diverse passions mirror the balanced blend of expertise, dedication, and joy he brings to BitLyft.

More Reading

row in a server farm with server cabinets on both sides of the isle
Managed SIEM vs. SIEM On-Prem: Pros & Cons
Security Information and Event Management, also known as SIEM technology, is a crucial part of any organization’s cybersecurity strategy. But should you install your SIEM tools on-prem? Or should you...
world map with hexagons and padlocks
What is SIEM in Cybersecurity and Why Is It Useful?
Small to medium-sized businesses, organizations, and municipalities have a problem.
man's face looking at computer code
How Mature Is Your Managed SIEM Service?
Here’s a little trick to help you determine whether your managed SIEM is a mature solution: ask your service provider what the ‘M’ in SIEM stands for.