About the Gartner Magic Quadrants
These annually updated Magic Quadrants have a significant influence on companies buying decisions and the product roadmap from the different vendors. Therefore, we use the relevant MQ’s as a reference for how we work and the solutions we choose.
The for IT visibility relevant Gartner MQ’s are:
- Application Performance Monitoring (i.e. APM)
- Network Performance Monitoring and Diagnostics (i.e. NPM or NPMD)
- Identity and Access Management (i.e. IAM)
- Security Information and Event Management (i.e. SIEM)
When having conversations about the expected results with visibility on the availability, performance and integrity of applications and networks, people have different perspectives; especially around abbreviations like APM and NPM; let alone when adding SIEM and IAM to the equation.
What makes it even more challenging is that vendors with supporting products are often using phrases like “application visibility” or “network visibility”. To some extent, people translate this as having visibility on what their applications and networks are doing. While in reality it is merely a data collection method.
To make sure everybody is on the same page, the remaining sections provide a brief overview of the working area of these Magic Quadrants.
The Network Performance Monitoring space (NPM) has gone through some changes over the years. You may remember abbreviations such as aaNPM (Application Aware Network Performance Monitoring) and NPMD (Network Performance Monitoring and Diagnostics).
While both areas are utilizing packet sniffing (i.e. wire data) there is a significant difference. The aaNPM-area is about collecting meta data about (for example) transactions of web applications and databases. While the NPMD-area is about collecting flow statistics and storing packets for retrospective analysis.
Until a few years age, both where seperate MQ’s. In 2013, Gartner decided to make aaNPM part of their APM-MQ and within that the RUM section. The NPMD-MQ has remain the same. More information can be found in this blog.
Since this market space is about analyzing application flows, the sweet spot for NPMD type of solutions is:
- Domain and root-cause analysis when experiencing performance issues.
- Detect network oriented attacks like for example DDoS.
- Complementary support for different type of security systems.
- Can be used in any type of infrastructure: SaaS, IaaS, PaaS, private and hybrid.
Because of this sweet spot, we believe that the network is a good (or even the best) starting point for application health-check’s and Visibility-as-a-Service.
Gartner defines Application Performance Monitoring (APM) as having a way of:
- Digital experience monitoring (DEM)
- Application discovery, tracing and diagnostics (ADTD)
- Application analytics (AA)
By the way this is described, only web applications are supported. In addition, instrumenting web applications to the full extent of an APM solution require agents on all systems belonging to the applications to be monitored.
Deploying such agents requires access to the operating system of the clients (for the synthetic monitoring) and the application servers (for all other types of monitoring). This means that “by nature”, it is mandatory to have these applications running in a privately owned environment like a privately owned datacenter, a private cloud or an IaaS (i.e. Infrastructure-as-a-Service).
Deploying an APM solution for cloud services like SaaS (Software-as-a-Service) and PaaS (Platform-as-a-Service) limits the instrumentation to Real-User-Monitoring (RUM) and STM (Synthetic Transaction Monitoring).
The territory called (Digital) Identity Management is a framework of processes, policies and technologies ensuring that the proper people in an organization have the appropriate access to applications, technology and data.
The working area of processes and policies is called IGA (Identity Governance Administration). Meaning that IGA-processes allows organizations to monitor and ensure that identities and security rights (i.e. policies) are correct, as well as managed effectively and securely.
Part of IGA is IAM (i.e. Identity and Access Management). Meaning IAM is the technology for an automated way of managing user identities and their access privileges for various application, technology and data. Any IAM solution should have at least the following components:
- How individuals are identified in a system.
- How roles are identified in a system and how they are assigned to individuals.
- Adding, removing and updating individuals and their roles in a system.
- Assigning levels of access to individuals or groups of individuals.
- Protecting the sensitive data within the system and securing the system itself.
With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
Security information and event management (SIEM) is an approach to security management that combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.
The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. For example, when a potential issue is detected, a SIEM might log additional information, generate an alert and instruct other security controls to stop an activity’s progress.
At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEMs have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR).
Below some of the most important features to review when evaluating SIEM products:
- User and Entity Behavior Analytics (i.e. UEBA) – Can the system create a baseline about the normal behavior for each user/entity?
- Integration with other controls – Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?
- Artificial intelligence – Can the system improve accuracy through machine and deep learning?
- Threat intelligence feeds – Can the system work with threat intelligence feeds?
- Robust compliance reporting – Built-in reports for common, industry standard compliance needs; including the ability to customize or create new compliance reports?
- Forensics capabilities – Can the system capture additional information about security events by recording the headers and contents of packets of interest?
Fill in this form if you want to know more about our solution portfolio and how it relates to the Gartner MQ’s.