Microsoft and Splunk Lead in Gartner 2024 MQ for SIEM

The digital security landscape is constantly challenged by sophisticated threats, making the role of Security Information and Event Management (SIEM) systems more critical than ever. In the 2024 Gartner® Magic Quadrant™ for SIEM, Microsoft and Splunk have been recognised as leaders, demonstrating excellence in vision and execution in the SIEM space.

Gartner said in their 2024 report that “The SIEM market grew from $5.03 billion in 2022 to $5.7 billion in 2023 (see Market Share: All Software Markets, Worldwide, 2023), a 13% annual growth rate compared to a 22% increase the previous year. The primary drivers of a SIEM purchase are threat detection, response, exposure management and compliance. Buyers are seeking a SIEM ecosystem with broad and deep capabilities to satisfy multiple security and business use cases with capabilities to support a diverse environment.”

Image (c) Gartner 2024

The Significance of SIEM in Cybersecurity

SIEM technology is essential for organisations to effectively manage security events and information. It provides real-time visibility across an organisation’s (multi-vendor) information security systems, with single-pane-of-glass event log management, compliance reporting, and incident response capabilities. The ability to swiftly detect, analyse, and respond to security incidents is what makes SIEM a cornerstone of enterprise security strategies.

Friends and Foes?

In 2023, Splunk and Microsoft agreed to partner to help build Splunk’s enterprise security and observability offerings on Microsoft Azure. This means that Splunk solutions are now available for purchase on the Microsoft Azure Marketplace as well as the AWS Marketplace. This is great for both parties and for Microsoft Partners who sell and deploy Azure Services to their clients.

Microsoft’s Leadership with Sentinel

Microsoft has been acknowledged as a leader in the Gartner Magic Quadrant for SIEM for its comprehensive, cloud-native solution, Microsoft Sentinel. According to Gartner, Microsoft Sentinel stands out with its unified security operations platform, blending SIEM, XDR, AI, Threat Intelligence, and extended posture management into a single experience. This platform is powered by generative AI, offering end-to-end protection and consolidating various security operations tools into a coherent experience.

Strengths:

Best Fit for Sentinel:

Gartner cite Microsoft Sentinel as being best for organisations that require or demand a cloud-native SIEM solution with advanced AI capabilities and integration with other Microsoft security products. Sentinel works with a huge number of external cloud and on-premises data connectors (including Splunk).

Splunk’s Data-Centric Excellence in SIEM

Splunk remains a joint leader in the SIEM market, praised as always for their data-centric security analytics solution. The Enterprise Security application from Splunk is available both on-premises and as SaaS. Splunk provides pricing flexibility, which can be based on daily data ingestion or cloud workloads, referred to as Splunk Virtual Compute. Splunk primarily serves large enterprise organizations in North USA.

Splunk have said they are launching a new AI Assistant for Security, which will be integrated with Enterprise Security to enhance detection and response functions. Cisco finalized the acquisition of Splunk on March 18, 2024 and we expect to see integration and cross-pollination of their combined portfolio at some point in 2025.

Gartner point out that Splunk currently has a significantly higher-than-average cost compared to other vendors in their report, is more complex to deploy and configure (measured in pro services days) and currently has low numbers of sales support staff outside the US – though with Cisco’s acquisition of Splunk this is likely to change over the next 18-24 months.

Strengths:

  • Overall observability: The Splunk platform can integrate security, IT, application and other data sources. This, coupled with its federated search and analytics capabilities across third-party data stores, is a strength for clients seeking to build highly enriched queries and alerts.
  • Extensive integration: Splunk’s integration of SOAR enhances a wide range of common SIEM use cases. Clients wanting quick time to production automation for common SIEM operational functions will find Splunk’s library of playbooks a strength.
  • User interface: Splunk’s UI and dashboard provide significant customization. Clients requiring custom animations and visualization for specialized monitoring, such as OT or financial systems, will find the UI editor an overall strength.

Best Fit

Splunk is particularly suited for very large organisations that value a data-driven approach to security and need powerful analytics to manage complex security environments. Microsoft is actually one of Splunk’s largest customers.

Conclusion

Microsoft and Splunk continue to lead the SIEM market with their innovative solutions. Sentinel offers a world-class, cloud-native, AI-enriched platform that simplifies operations and accelerates threat resolution.

Splunk provides a robust, data-centric approach to security analytics, enabling organizations to respond to threats with speed and precision and is ideally suited for the largest of enterprises as well as those who remain mainly on-prem and less “all in with cloud”. Splunk also has a strategic alignment and integration with Microsoft Sentinel.

As a Microsoft and Cisco leading UK partner, we are excited to be working with both Cisco and Splunk (Cisco) in this space with the ability to guide and consult around customer hosted, Azure hosted and cloud-native SIEM solutions. We also love the fact that we can now meet customers on their ground with the ability to deploy Splunk on Azure via the Marketplace to our clients.


Microsoft and Cisco: Leaders in the Gartner 2023 Magic Quadrant for Unified Communications as a Service

Gartner this week published their 2023 Magic Quadrant for Unified Communications as a Service. The full report from Gartner details all the players across all quadrants. This blog is a summary of the highlights from this report on the strengths and weaknesses across both Microsoft and Cisco – who have been in the top right quadrant for many years.

2023 – Key Unified Comms Trends – by Gartner

Gartner’s report identifies an increasing demand for bundled UCaaS and CCaaS solutions, along with the continued growing popularity and demand for Microsoft Teams for voice, meetings and messaging. They also point out the growing importance of CPaaS for customisation and integration, and the changing preferences of users moving more towards collaboration rather than telephony and dial-tone calling. There are five leaders in the 2023 magic quadrant ranked in the following order:

  1. Microsoft
  2. RingCentral
  3. Zoom
  4. Cisco
  5. 8x8

I have summarised the core two vendors I work closely with below.

Summary of Microsoft’s Position in 2023

  • Microsoft Positioning: Microsoft remain 1st – top right in the leaders’ quadrant with the gap between them and their competitors increasing. They continue to grow their market share and this year have seen more vendors join their partner ecosystem for phones and meeting rooms, including Cisco.
  • Microsoft’s strengths: Microsoft Teams is the most popular choice in the UCaaS market, especially for organisations that are already using it for messaging and meetings. Microsoft Teams’ telephony capabilities satisfy the requirements of most organisations, and Microsoft has invested in many options to bring telephony into Teams, including their own calling plans, direct routing, direct routing as a service and, more recently, Operator Connect services. Microsoft has strong financial health and a long track record as a UC/UCaaS vendor. Its seamless integration into Microsoft 365 and its vast extensibility have been key ingredients in its continued success.
  • Microsoft’s cautions: Microsoft Teams Phone still has some gaps in advanced telephony features, which require third-party solutions or integrations – though it is noted that they are working to close these. Gartner also points out that Microsoft does not offer a self-developed contact center solution for Teams which requires customers to choose from a wide range of varying solutions and levels of integration. Gartner also calls out that Microsoft’s availability SLA target for core UC services (other than PSTN) is lower than most of the UCaaS market.

Summary of Cisco’s Positioning in 2023

  • Cisco Positioning: Cisco remain in the top right quadrant (4th out of 5) but have been overtaken recently by pure-play UCaaS vendors including Zoom and RingCentral. They remain a solid UCaaS vendor with quality products and services.
  • Cisco’s strengths: Gartner credit Cisco as one of the few UCaaS vendors that can deliver a complete, self-developed UC portfolio, including hardware, software, and cloud services. They call out that Cisco has deep expertise and investments in security, regulatory, and industry-specific capabilities and certifications. Cisco has also made big improvements in its Webex Control Hub for unified management, making it a competitive option for large and/or highly distributed multinational organisations.
  • Cisco’s cautions: Gartner say that Cisco’s offering is perceived to be more expensive than its competitors, and its pricing strategy is not very aggressive. Cisco’s Webex contact center solution, whilst suitable for small or midsize contact centres, is not the best choice for large, high-volume ones. Cisco faces continued fierce competition from other UCaaS vendors that offer collaboration capabilities to its existing customers, and many have also partnered with Microsoft to provide more choice.

The following table shows a comparison of the vendor, strengths and cautions:

| Vendor | Strengths | Cautions |
| --- | --- | --- |
| Microsoft | Popular and growing choice for voice, messaging and meetings; satisfactory telephony capabilities; strong integration with their own- and third-party apps and services; strong financial health and track record with loyal customer base | Gaps in advanced telephony features; no self-developed contact center option; lower availability SLA target; confusing PSTN options |
| Cisco | Complete, self-developed UC portfolio; deep expertise and investments in security and regulatory; strong unified management for large and distributed organisations | Perceived to be more expensive than competitors with complicated discount schemes; contact center solution not suitable for large, high-volume ones; vast competition from other UCaaS vendors for collaboration |

Summary of Cisco and Microsoft in 2023 Gartner MQ for UCaaS

Summary

In summary, this report evaluates the UCaaS providers based on their ability to execute and completeness of vision. Microsoft and Cisco are both Leaders in this Magic Quadrant, but they have different strengths and weaknesses.

Gartner say that Microsoft excels in messaging and meetings but lacks advanced telephony features without third parties and has no native contact center solution.

Gartner say that Cisco offers a comprehensive UC portfolio but is more costly and less competitive in contact center. They also have fierce competition amidst the continued growth of Teams and pure play UCaaS providers.

Windows 365 and Azure Virtual Desktop recognized as a Leader in 2023 Gartner Magic Quadrant for Desktop as a Service

Microsoft has been recognized as a Leader in the inaugural Gartner Magic Quadrant™ for Desktop as a Service (DaaS). According to Gartner, DaaS is defined as “the provision of virtual desktops by a public cloud or service provider” and encompasses a variety of cloud solutions, such as Windows 365 and Azure Virtual Desktop, which are described in a way that is familiar to customers of varying backgrounds and technical expertise.

Given the newness to the market of Microsoft’s two offerings in this space, it’s incredible to see Microsoft leading in this category (ahead of the golden players like Citrix and VMware).

Gartner stated in their report that “Microsoft is one of the few vendors with significant global presence,” and “Microsoft is in a unique position, as it owns the architecture for Windows, Intune, Microsoft 365 applications, Azure, Azure Virtual Desktop, and Windows 365.”

Microsoft have two offerings in this space which are both designed to provide organisations with secure and versatile cloud desktop solutions that support flexible work options.

  • Windows 365 – a fully managed DaaS solution that securely streams personalised Windows desktop, apps, settings, and content from the Microsoft Cloud to your Cloud PC which can be accessed from the device of your choice.
  • Azure Virtual Desktop – a full enterprise cloud virtual desktop infrastructure (VDI) platform that delivers hosted remote desktops and apps with flexibility and control without compromising on security.

You can check out my short user experience demo on Windows 365 here.

Microsoft Sentinel | 2022 Gartner Magic Quadrant leader | Security Information & Event Management

Microsoft has been named a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management (SIEM) and was positioned highest on the Ability to Execute axis.

Gartner Magic Quadrant for SIEM 2022

What is Sentinel?

Microsoft’s end-to-end security takes the best of SIEM and combines that with the best of extended detection and response (XDR) to deliver a unified security operations platform.

Microsoft Sentinel is a scalable, cloud-native solution that provides:

  • Security information and event management (SIEM) and
  • Security orchestration, automation, and response (SOAR).

Sentinel delivers intelligent security analytics and threat intelligence across the enterprise with integration into almost any application, network and service. Sentinel provides a single comprehensive, intelligent, AI driven solution for attack detection, threat visibility, proactive hunting, and threat response.

Its unique bird’s-eye view across the enterprise helps alleviate the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames, which often cripple IT and SecOps teams.


Leaders because….?

Microsoft’s vision for protecting organisations from threats is unique compared to competitor vendors/products that only offer a SIEM platform. Just look at how far they have moved in 12 months… Incredible for a fairly new product.

In the announcement from Microsoft on the recognition, they say that “the breadth of coverage only a SIEM can provide and the depth of insight that XDR provides. That means that organisations that leverage Microsoft security solutions have more context to work from to resolve attacks faster. Customers using our XDR capabilities, such as Microsoft 365 Defender, also receive a discount on their data ingestion into Microsoft Sentinel.”


You can access and read the full Gartner report here.

You can also get a free trial (or free workshop) for Sentinel by following the link here or by speaking to your Microsoft Security Partner.