The Gartner magic quadrant is ubiquitous at security sales presentations. Being featured in the quadrant, the leaders quadrant in particular, is a part of the vendor pitch and the recognition that it provides may have an impact on the purchasing decision. Is it of such significance and should it impact your purchase decision?
Gartner does provide useful analysis of security products, their penetration into markets and their product maturity. I occasionally check out Anton Chuvakin’s blog on SIEM as I find it a useful resource in my own specialisation. Knowing the quality of the output (at least in the SIEM blog), I have some faith that the MQ delivers what it promises to deliver. This is what one needs to note: is the MQ’s judgement criteria relevant to your purchase decision?
In very few sales presentations that I have attended have I seen an actual quote from Gartner’s analysis provided by the vendor. They have contented themselves to put up the MQ itself to allow potential clients to assume that that means it is a fantastic product or, if the product is the highest and rightmost on the chart, the best product. The clients for their part appear to fall for the assumption. This is not what the MQ is meant for. While the MQ does say something about the market penetration, the vision and coverage of the product and vendor, it says very little about whether the product fits your business. Users look for products in the top-right quadrant, when in fact a product in the top-left may be a much better fit for your environment.
Gartner explains their methodology for the magic quadrants here.
Gartner is very open in stating that the quadrants talk about the capabilities of the technology providers in executing and envisioning the future for the type of product. It says nothing about the technology solution on offer and does not pretend to. Gartner’s critical capabilities articles are much more useful when considering products provided by the vendor. More importantly, use this as no more than as a starting point when considering dealing with a vendor / product. There might even be a chance that the best-fitting product is not there in the quadrant or that there is no quadrant for the kind of product that will fit your requirement.
Gartner’s analysis is inadequate to inform you as to whether the product will work for you. Get your vendors to come up with a proposal to fit your requirements and perform a proof of concept with a few vendors and with you security team to really understand the product for your decision making.
You might also find these articles interesting:
The horror of the security product presentation
Comparing SIEMs for your environment
I am speaking at the CSX 2016 Asia Pacific conference (14-16th November 2016) on SIEM. Check it out: http://www.isaca.org/cyber-conference/csxasia.html