Security Management and Log Management are not as mature as you think

According to Gartner, Security Information and Event Management (SIEM) has reached the "plateau of productivity", which means that the solution is now being bought by "mainstream" customers. This has led some customers to lament that "all vendors sound the same". However, don't be fooled by the "mainstream" label and the apparent similarity of vendors: a lot of innovation is still possible, and required, in the Security Management and Log Management market.

In fact, somebody at the Gartner IT Security Summit asked me: "How many people are actually happy with their existing security management solutions?" Anecdotally, we know that many customers are on their second or third attempt at security management, and some of the maturity challenges have been well documented, such as in a recent blog by Adrian Lane and Mike Rothman, who said (paraphrased): "the Security Information and Event Management space has struggled over the last decade because the platforms were too expensive, too hard to implement, and did not scale well without investing a pound of flesh".

A more exact answer comes from Derek Brink of Aberdeen, who did a great benchmark study recently. You can watch him present his study here. Only "best in class" vendors, which are 20% of the total population, actually achieve a positive gain: a reduction in the number of incidents, in the number of audit deficiencies, and in the total management costs related to leveraging security logs, information and events. Derek's study also highlights specific product deficiencies. Most notably, the complexity of security management and log management solutions is a major inhibitor of adoption. This finding is consistent with the "crossing the chasm" theory, which states that "mainstream" adopters look for ease of use and integration first.
If you want a quantitative score of security management and log management vendors in "Deployment and Support Simplicity", check out the Gartner Critical Capabilities Study here. In addition to ease of deployment and ease of use, there are other product areas that still require significant innovation. Even "best in class" vendors lag when it comes to:

1) Automate remediation
2) Correlate data
3) Normalize data
4) Analyze data
5) Prioritize incidents

Make sure to ask your vendor about their planned roadmap and innovation in each of these areas before making a purchasing decision!
- christophe.briguet's blog
- Feed: LogBlog
