What SIEMs to be the problem?

Thanks to some big acquisitions in the SIEM space, the industry is going to change dramatically in appearance. Tom Brewster explores why...

Security

COMMENT In the space of a few hours, two big announcements from the security information and event management (SIEM) industry hit yesterday.

Intel-owned McAfee decided it wanted a piece of the pie so it snapped up Nitro Security.

Meanwhile, IBM joined the party by agreeing to acquire Q1 Labs a company which was adamant it was not for sale just 12 months ago.

Last year, HP spent an absolute fortune on getting its mitts on ArcSight - a company then (and still) ranked as the market leader.

This would all indicate the SIEM industry is rather big one. The irony is, these three major acquisitions may actually herald the end of the SIEM market as we know it.

It's not an industry, it's a feature

In all three acquisitions noted above, the acquired party has or will see its technology rolled into a bigger package. In the case of Q1 Labs, it will form part of an entirely new division within IBM. Recently-appointed CEO of Q1 Labs, Brendan Hannigan, will even head that division once the deal goes through.

Everyone knows that SIEM is just one layer of what companies would need for effective protection, but these recent acquisitions have indicated SIEM is not an industry on its own. With these big deals came an acceptance that SIEM is really just a feature.

During a press conference yesterday, Hannigan even admitted that SIEM was just a part of what he called "security intelligence."

"The end point is security intelligence which is broader than SIEM," Hannigan told IT Pro.

"Firms that focus just on log management and event correlation will be limited. Security intelligence is the key."

Hannigan said the best way for Q1 Labs to provide its services to end customers was to through a larger vendor in this case IBM. "We will be able to offer significantly better solutions than we could have done before," he added.

Put simply, expect the rest of the SIEM industry to be gobbled up by tech giants in the coming months. Their products will also be rolled into existing, wider ranging security offerings, leaving the sector looking rather thin.

Just like deduplication in storage, SIEM is just a piece of a larger pie that vendors won't be able to rely on as a sole selling point in the future.

What will Symantec do?

So HP, IBM and McAfee have all joined the party. That leaves one notable absentee: Symantec.

Earlier this week, Symantec CEO Enrique Salem said his company was considering spending another $1 billion on acquisitions. However, Salem did not mention the SIEM, or security intelligence, segment. Instead he focused on mobile, virtual spaces and the cloud.

Nevertheless, with chief rival McAfee making a splash yesterday, Symantec will be keen to show it isn't off the pace.

Of course, Symantec already has a product in the area the unimaginatively titled Security Information Manager.

But to consolidate its dominance of the security landscape, it will want to have the best of breed in the intelligence space. With others acquiring some impressive companies, Symantec would do well to show it wants to be a serious player in this space.

So who could it be looking at? Rapid7 is one growing company in this area. Just today it announced it was expanding into Europe with a new base on the continent.

However, it didn't appear on Gartner's SIEM Magic Quadrant from earlier this year. Now that Q1 Labs and NitroSecurity have been snapped up, the best option from Gartner's rankings appears to be LogLogic.

It is still a relatively small comoany, with just 150 employees, but that might make it even more attractive for a prospective buyer, given how highly rated the company is.

Symantec has had its options cut thanks to IBM and McAfee, but there's still plenty of choice.

We'll just have to wait and see if Salem will want to splash some of the companies millions (possibly billions) on an intelligence firm. It would be a smart move doing so sooner rather than later.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021