10 Big Moves In The SIEM Market In 2024

Big mergers and major product launches are among the key moves by SIEM vendors this year.

While the completion of Cisco’s $28 billion acquisition of SIEM stalwart Splunk was entirely expected for 2024, two of the other big consolidation moves in the market for SIEM (security information and event management) were not. And incidentally, both of those deals were announced the same day in May. Just hours after Exabeam and LogRhythm announced plans to merge on May 15, Palo Alto Networks announced an agreement to acquire IBM’s QRadar SaaS business for $500 million. “Today is the day three SIEM tools died,” Google Cloud’s Anton Chuvakin wrote that day on X, referencing LogRhythm, Exabeam and IBM QRadar.

Analysts have said this major shakeup to the SIEM market in 2024 clearly signals the pressure that older SIEM vendors have been facing from the moves into the market by cloud giants including Microsoft and Google Cloud — as well as by cybersecurity juggernauts like Palo Alto Networks with its fast-growing Cortex XSIAM (extended security intelligence and automation management) offering. And looking ahead, “we’re going to continue to see consolidation in this market, for sure, especially the security analytics platform market,” said Allie Mellen, principal analyst at Forrester, in a previous interview with CRN.

Meanwhile, many leading SIEM vendors also announced major product launches in 2024, with a focus on introducing new GenAI-powered capabilities and integrating SIEM with other tools used by security operations teams such as XDR (extended detection and response).

As part of CRN’s Cybersecurity Week 2024, we’ve collected the details on 10 big moves in the SIEM market in 2024 in the following slides.

Cisco Completes Splunk Acquisition

In March, Cisco Systems completed its $28 billion acquisition of SIEM stalwart Splunk, aimed at bringing a huge influx of data and AI capabilities to the Cisco security platform. “In order to be a world-class security company, you have to deal with these breaches at machine scale, not at human scale,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, in an interview with CRN. “And in order to deal with [breaches] at machine scale, you have to be really good at AI. And you can’t be good at AI if you’re not good at data. And Splunk provides us a massive data platform.” Key moves announced since the completion of the acquisition have included the integration between Splunk and Cisco’s XDR (extended detection and response) platform — which makes Splunk more effective through connecting deeply into Cisco networking and security infrastructure, according to Cisco executives.

Palo Alto Networks Acquires QRadar SaaS From IBM

In September, Palo Alto Networks completed its $500 million acquisition of IBM’s QRadar SaaS that had been announced back in May. With the deal, Palo Alto Networks has been squarely focused on enabling customer migrations to its Cortex XSIAM (extended security intelligence and automation management) platform, while also looking to speed up its journey to becoming a top player in the SIEM market. The cybersecurity giant acquired the SaaS assets associated with IBM’s QRadar offering, including QRadar intellectual property — though the company made clear that it’s also looking to pursue the migration of on-premises QRadar customers to XSIAM. Given the sizable base of customers using QRadar on-prem, that opportunity “is a much larger prize,” Palo Alto Networks CEO Nikesh Arora said in May.

On the product front, Palo Alto Networks in April unveiled Cortex XSIAM for Cloud, with key enhancements including the introduction of cloud detection and response (CDR) capabilities.

Exabeam-LogRhythm Merger

In July, Exabeam and LogRhythm announced the close of their merger, with the combined company known as Exabeam going forward. LogRhythm, founded in 2003, and Exabeam, founded in 2013, said in a news release that they were joining forces to “create a best-of-breed cybersecurity vendor” focused on “AI-driven” security operations. Product-wise, the combination will result in “augmenting LogRhythm SIEM with Exabeam’s New-Scale AI-driven features, including UEBA and Exabeam Copilot,” Exabeam said. The combined company is now led by CEO Chris O’Malley, who had previously served as CEO of LogRhythm. Former Exabeam CEO Adam Geller was named chief product officer at Zscaler in late September.

CrowdStrike Launches Falcon Next-Gen SIEM

In May, CrowdStrike announced the general availability launch for its Falcon Next-Gen SIEM offering, as well as several new capabilities for the product. Falcon Next-Gen SIEM (security information and event management) has been updated with numerous additional integrations with third-party technologies as well as greater incorporation of the company’s Charlotte GenAI assistant, CrowdStrike CTO Elia Zaitsev told CRN. In addition to unveiling “hundreds of integrations,” CrowdStrike has now “fully integrated the advanced AI capabilities of Charlotte to assist and operate the next-gen SIEM platform,” he said. Another key capability that hadn’t been previously available in Falcon Next-Gen SIEM was what the company describes as “multiplayer” functionality, Zaitsev said.

Huntress Unveils Managed SIEM Offering

In August, Huntress unveiled its new managed SIEM offering that aims to be a less-complicated and more-affordable alternative focused on the unique needs of MSPs and their SMB customers, according to Huntress Co-founder and CTO Chris Bisnett. Key differentiators for the Huntress managed SIEM offering include using highly efficient data collection and retention techniques to keep costs predictable and minimal, which is crucial for service providers, he said. “It allows us to just drop out significant amounts of data that ultimately has little to no security relevance,” Bisnett said.

Securonix Debuts AI Capabilities, Standalone UEBA

In April, Securonix debuted a suite of AI-powered capabilities, Securonix EON, using large language models from Amazon Bedrock and Anthropic Claude 3 to extend the company’s Unified Defense SIEM. EON provides new “psycholinguistics” capabilities to assist with hunting for insider threats, as well as adaptive threat modeling, which uses machine learning to uncover previously unknown attack chains in “near real-time.” Then in June, Securonix announced availability of a standalone version of its UEBA (user and entity behavior analytics) offering.

Google Security Operations Gets Threat Intelligence Boost

In May, Google Cloud announced its new Google Threat Intelligence offering that is “deeply integrated” into the Google Security Operations platform, said Eric Doerr, vice president of engineering for Google Cloud Security. Google Threat Intelligence combines insights from three massive data sources — Mandiant, VirusTotal and Google — with new GenAI-powered capabilities, according to Doerr. As part of Google Security Operations, the Google Threat Intelligence offering enables use cases such as automated threat hunting — “where we see a new threat [that’s] present in your environment, and we flag that for you. You don't have to do anything,” he said. “That kind of thing is really magic.”

Microsoft Unveils Unified Security Operations Platform

In April, Microsoft unveiled a public preview for what the tech giant called its unified security operations platform, combining cloud-native SIEM capabilities from Microsoft Sentinel with Defender XDR and GenAI functionality. The result is a “truly unified analyst experience in the security operations center,” wrote Rob Lefferts, corporate vice president for Microsoft Threat Protection, in a blog post. Notably, unifying the tools has the effect of “making both Microsoft Sentinel and Defender XDR more valuable,” Lefferts wrote.

Fortinet Acquires Lacework

Fortinet’s FortiSIEM platform is getting a boost from the company’s acquisition of cloud security specialist Lacework, which closed in August. With security operations teams increasingly needing to monitor cloud environments, Lacework has brought crucial SecOps capabilities to Fortinet — including around using machine learning to significantly reduce alert volumes while identifying the most pressing cyber threats.

Logpoint Acquires NDR Startup Muninn

In October, Logpoint disclosed its acquisition of Muninn, a network detection and response (NDR) startup. The acquisition aims to boost Logpoint’s SIEM-based platform with “AI-driven” NDR capabilities, the company said in a news release. The enhanced platform “significantly improves visibility and Threat Detection, Investigation, and Response (TDIR),” ultimately “increasing the chances for organizations and [MSSPs] to safely navigate the complex threat landscape,” Logpoint said.