What SIEMs to be the problem?

Thanks to some big acquisitions in the SIEM space, the industry is going to change dramatically in appearance. Tom Brewster explores why...

Security

COMMENT In the space of a few hours, two big announcements from the security information and event management (SIEM) industry hit yesterday.

Intel-owned McAfee decided it wanted a piece of the pie so it snapped up Nitro Security.

Meanwhile, IBM joined the party by agreeing to acquire Q1 Labs a company which was adamant it was not for sale just 12 months ago.

Last year, HP spent an absolute fortune on getting its mitts on ArcSight - a company then (and still) ranked as the market leader.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

This would all indicate the SIEM industry is rather big one. The irony is, these three major acquisitions may actually herald the end of the SIEM market as we know it.

It's not an industry, it's a feature

In all three acquisitions noted above, the acquired party has or will see its technology rolled into a bigger package. In the case of Q1 Labs, it will form part of an entirely new division within IBM. Recently-appointed CEO of Q1 Labs, Brendan Hannigan, will even head that division once the deal goes through.

Everyone knows that SIEM is just one layer of what companies would need for effective protection, but these recent acquisitions have indicated SIEM is not an industry on its own. With these big deals came an acceptance that SIEM is really just a feature.

During a press conference yesterday, Hannigan even admitted that SIEM was just a part of what he called "security intelligence."

"The end point is security intelligence which is broader than SIEM," Hannigan told IT Pro.

Advertisement - Article continues below

"Firms that focus just on log management and event correlation will be limited. Security intelligence is the key."

Hannigan said the best way for Q1 Labs to provide its services to end customers was to through a larger vendor in this case IBM. "We will be able to offer significantly better solutions than we could have done before," he added.

Put simply, expect the rest of the SIEM industry to be gobbled up by tech giants in the coming months. Their products will also be rolled into existing, wider ranging security offerings, leaving the sector looking rather thin.

Just like deduplication in storage, SIEM is just a piece of a larger pie that vendors won't be able to rely on as a sole selling point in the future.

Advertisement
Advertisement - Article continues below

What will Symantec do?

So HP, IBM and McAfee have all joined the party. That leaves one notable absentee: Symantec.

Advertisement - Article continues below

Earlier this week, Symantec CEO Enrique Salem said his company was considering spending another $1 billion on acquisitions. However, Salem did not mention the SIEM, or security intelligence, segment. Instead he focused on mobile, virtual spaces and the cloud.

Nevertheless, with chief rival McAfee making a splash yesterday, Symantec will be keen to show it isn't off the pace.

Of course, Symantec already has a product in the area the unimaginatively titled Security Information Manager.

But to consolidate its dominance of the security landscape, it will want to have the best of breed in the intelligence space. With others acquiring some impressive companies, Symantec would do well to show it wants to be a serious player in this space.

So who could it be looking at? Rapid7 is one growing company in this area. Just today it announced it was expanding into Europe with a new base on the continent.

However, it didn't appear on Gartner's SIEM Magic Quadrant from earlier this year. Now that Q1 Labs and NitroSecurity have been snapped up, the best option from Gartner's rankings appears to be LogLogic.

Advertisement - Article continues below

It is still a relatively small comoany, with just 150 employees, but that might make it even more attractive for a prospective buyer, given how highly rated the company is.

Symantec has had its options cut thanks to IBM and McAfee, but there's still plenty of choice.

We'll just have to wait and see if Salem will want to splash some of the companies millions (possibly billions) on an intelligence firm. It would be a smart move doing so sooner rather than later.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/34079/has-the-us-government-finally-nabbed-john-mcafee
Security

Has the US government finally nabbed John McAfee?

24 Jul 2019
Visit/cloud/33999/ibm-doubles-down-on-red-hat-independence
Cloud

IBM doubles down on Red Hat independence

10 Jul 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020