Selected SOC Technologies Search Trends – 7th Dec 2018
Nadhem J. AlFardan, PhD
https://www.linkedin.com/in/nadhem
--------------------------------------------

Splunk, QRadar, LogRhythm and Exabeam are commercial log management and security analytics platforms that appear in the 2018 Gartner “Magic Quadrant for Security Information and Event Management” report. Although Elasticsearch is not in the Gartner report (hmmm, I wonder why!), the Elastic stack is an open source platform that has been adopted, or is being considered, by many organizations globally, mainly for log management and in many cases for security analytics and threat hunting.

The “interest over time” output shows that most users search for the terms “Elasticsearch” and “Splunk”. Few searches are for “QRadar”, and much fewer for “LogRhythm” and “Exabeam”. Is that a good reflection/measure of how popular these technologies are?!

So why are Elasticsearch and Splunk on top, with fewer searches for QRadar, Exabeam and LogRhythm? Trying to understand why ...

Elasticsearch is an open source platform, so you would expect users to search the Internet for articles or answers to questions. Although Splunk is a commercial tool, a free version exists. In addition, Splunk is built around the concept of an open platform with a commercial licensing model, and it is very common for Splunk users to search the Internet for answers to questions on Splunk. QRadar, Exabeam and LogRhythm are commercial tools; organizations might tend to reach out to the vendor instead of searching the Internet.

The term “splunk” leads the searches in the US, UK, Australia, Singapore, UAE, etc. Why? What do these countries have in common?

The term “elasticsearch” leads the search in most of the countries. Why?

It is interesting to note that 93% of the searches in China are for the term “elasticsearch”. In Russia, it is 72%. These are very high numbers. Why? What do these countries have in common?

The search for the term “qradar” is 19% for the UAE, much higher than in other countries for the same search term. Why?