What is Going on with the SIEM market?

After Exabeam and LogRhythm announced their intent to merge and IBM announced its intent to sell its QRadar assets to Palo Alto, you might be thinking, “What is going on with the SIEM market?” 

These developments actually reflect the strength of the market when you consider the full context. Microsoft entered this market about five years ago, around the same time as Google. Cisco recently jumped in by acquiring Splunk, and now we have CrowdStrike and Palo Alto Networks as part of the mix.

This context also explains why the two recent moves are happening. This market is becoming more competitive. Those without a strong product are losing ground fast, and for them, M&A is the only option. 

The SIEM market has evolved a lot since its early days. Each wave of evolution left some casualties behind. Those using old, traditional relational databases in their core were among the first to fall. Then came those who failed to truly add UEBA and SOAR capabilities to their solutions – meaning not simply changing the colors of their UI. The move to the cloud was a big one, and those who took too long to build a native cloud platform ended up with a huge technology debt that crippled their ability to innovate. The announcements of the last few days from Exabeam, LogRhythm and IBM are clear examples of this.

Alongside these evolutionary waves, a crop of new entrants with deep pockets, such as Microsoft and Palo Alto, has emerged. They have ambitious “platform” plans and the SIEM is a crucial part of that puzzle. The appetite of these vendors for market share has accelerated the demise of those burdened by excessive tech debt.

However, all of their investments do not mean that the market will consolidate into just three or four big players. It is well known that large vendors struggle with innovation, and the cybersecurity realm requires constant and rapid innovation. We need to keep up with threat actors, who are really great innovators, so this is not a space where a large vendor can dominate with a broad, “good enough” platform.

What does this mean for Securonix? We believe that we are in a great position to support organizations affected by these changes. Securonix built its cloud native platform a few years ago, and with the adoption of strong partners providing leading-edge foundational components, such as the Snowflake data cloud and AWS Bedrock, we are well positioned to continue innovating. A few days ago we launched Securonix EON, a set of capabilities that set the stage for our AI-Reinforced platform, built on a Cybersecurity Mesh architecture and delivering a frictionless experience to CyberOps teams. 

We are an ideal alternative for customers dealing with the pains of M&A activity affecting their current SIEM provider. Not only that, we offer a solution for those who do not want to be subject to vendor lock-in and settle for “good enough”.

Securonix welcomes and embraces the change to the SIEM market. As a 5-time leader in the Gartner Magic Quadrant for SIEM, we are accustomed to fierce competition and excited about this renewed interest in SIEM. Throughout the changes in our space, our mission remains the same – we are focused on securing the world by staying ahead of cyber threats.
