What SIEMs to be the problem?

COMMENT In the space of a few hours, two big announcements from the security information and event management (SIEM) industry hit yesterday.

Intel-owned McAfee decided it wanted a piece of the pie so it snapped up Nitro Security.

Meanwhile, IBM joined the party by agreeing to acquire Q1 Labs a company which was adamant it was not for sale just 12 months ago.

Last year, HP spent an absolute fortune on getting its mitts on ArcSight - a company then (and still) ranked as the market leader.

This would all indicate the SIEM industry is rather big one. The irony is, these three major acquisitions may actually herald the end of the SIEM market as we know it.

It's not an industry, it's a feature

In all three acquisitions noted above, the acquired party has or will see its technology rolled into a bigger package. In the case of Q1 Labs, it will form part of an entirely new division within IBM. Recently-appointed CEO of Q1 Labs, Brendan Hannigan, will even head that division once the deal goes through.

Everyone knows that SIEM is just one layer of what companies would need for effective protection, but these recent acquisitions have indicated SIEM is not an industry on its own. With these big deals came an acceptance that SIEM is really just a feature.

During a press conference yesterday, Hannigan even admitted that SIEM was just a part of what he called "security intelligence."

"The end point is security intelligence which is broader than SIEM," Hannigan told IT Pro.

"Firms that focus just on log management and event correlation will be limited. Security intelligence is the key."

Hannigan said the best way for Q1 Labs to provide its services to end customers was to through a larger vendor in this case IBM. "We will be able to offer significantly better solutions than we could have done before," he added.

Put simply, expect the rest of the SIEM industry to be gobbled up by tech giants in the coming months. Their products will also be rolled into existing, wider ranging security offerings, leaving the sector looking rather thin.

Just like deduplication in storage, SIEM is just a piece of a larger pie that vendors won't be able to rely on as a sole selling point in the future.

What will Symantec do?

So HP, IBM and McAfee have all joined the party. That leaves one notable absentee: Symantec.

Earlier this week, Symantec CEO Enrique Salem said his company was considering spending another $1 billion on acquisitions. However, Salem did not mention the SIEM, or security intelligence, segment. Instead he focused on mobile, virtual spaces and the cloud.

Nevertheless, with chief rival McAfee making a splash yesterday, Symantec will be keen to show it isn't off the pace.

Of course, Symantec already has a product in the area the unimaginatively titled Security Information Manager.

But to consolidate its dominance of the security landscape, it will want to have the best of breed in the intelligence space. With others acquiring some impressive companies, Symantec would do well to show it wants to be a serious player in this space.

So who could it be looking at? Rapid7 is one growing company in this area. Just today it announced it was expanding into Europe with a new base on the continent.

However, it didn't appear on Gartner's SIEM Magic Quadrant from earlier this year. Now that Q1 Labs and NitroSecurity have been snapped up, the best option from Gartner's rankings appears to be LogLogic.

It is still a relatively small comoany, with just 150 employees, but that might make it even more attractive for a prospective buyer, given how highly rated the company is.

Symantec has had its options cut thanks to IBM and McAfee, but there's still plenty of choice.

We'll just have to wait and see if Salem will want to splash some of the companies millions (possibly billions) on an intelligence firm. It would be a smart move doing so sooner rather than later.