James Todd, Chief Technology Officer at Adarma
In the last seven months, we have seen huge changes in the Security Information and Event Management (SIEM), data analytics, and Extended Detection and Response (XDR) markets. The recently released Gartner 2024 Magic Quadrant for SIEM also highlights the rapid advancements and increased, ever-changing competition in the market.
SIEM market competition is heating up, as evidenced by Cisco’s monumental $28 bn acquisition of Splunk and, most recently, two other significant market changes: the merger between Exabeam and LogRhythm, and the acquisition of IBM’s QRadar Cloud software assets by Palo Alto Networks together with the formation of a strategic partnership between the two. For further insights into the rationale behind the Exabeam-LogRhythm merger, see the analysis by Allie Mellen, Principal Analyst at Forrester.
Much of this market change is being driven by the complexity of modern cyber threats, the volume of data created, and the diverse environments organisations must now defend. The rise of cloud-based SIEM solutions from major players such as Microsoft and Google, and the continued focus on platform architectures (open or closed), is transforming how security capabilities are defined, consumed and managed. These advancements, coupled with the integration of Artificial Intelligence (AI) and other security tools, present both opportunities and challenges. Adarma’s latest report, “How to Design a Future-Ready SOC,” explores these dynamics, offering strategies to avoid vendor lock-in and optimise security operations.
There is a noticeable and growing trend towards the adoption of cloud-based SIEM solutions that provide increased scalability and flexibility to meet the needs of modern, dynamic IT environments. Companies such as Splunk, Microsoft, Google, and now Palo Alto Networks in partnership with IBM, are competing for a significant market share. These vendors are leading the way in utilising AI for automated analysis, investigation, and response, making it easier for organisations to manage security incidents efficiently.
Security platform providers are increasingly integrating their SIEM capabilities with other security offerings, such as cloud access security broker (CASB), identity, endpoint, network, operational technology (OT), user and entity behavioural analytics (UEBA), and SOAR tools, to build out a comprehensive security ecosystem.
While consolidating with one provider has benefits, such as simplicity, integration, interoperability, and visibility, the downside is the risk of vendor lock-in and the expenses associated with data acquisition and transfer. Adarma’s report “How to Design a Future-Ready SOC” outlines that avoiding vendor lock-in is possible. Through an open and extensible SOC architecture, one can benefit from monolithic platform providers while maintaining the flexibility to augment them with complementary capabilities and to migrate away from incumbent providers if market conditions, technology, or cost necessitate it.
The SIEM market is continually evolving, with ongoing innovation and advancements in AI reshaping the landscape in response to a rapidly changing threat environment. Microsoft has innovated with Copilot across its portfolio, with Security Copilot generally available for purchase since April 1, 2024. Google has Gemini, and Splunk has Splunk AI.
While some vendors, such as CrowdStrike, were not included in this year’s Gartner MQ, they should not be discounted for future editions. CrowdStrike is actively developing its Next Generation SIEM solution as part of its one agent, one platform strategy, leveraging a prior acquisition of Humio and its investments in LogScale and Charlotte AI. As a result, customers who already use some of the CrowdStrike portfolio may want to consider adding Next Gen SIEM to their security arsenal.
The industry is expected to undergo further consolidation in the future. Scale matters, and large companies like Cisco, Microsoft, and Google aim to dominate due to their size and breadth of capability. We anticipate continued integration between security and observability use cases, although these are currently two different buying centres and it is often difficult to combine them to build the case for integrated ROI. It will be very interesting to see Cisco combine network, security, and observability through its platform strategy, with Splunk at the centre.
Furthermore, we expect to see more use of smart data acquisition tooling and data pipelining impacting this space, whether through built-in tools (such as Splunk Ingest Actions and Edge Processor) or independent market-leading tools such as Cribl. We also expect to see the broader data lake players, such as Snowflake, Datadog and Dynatrace, seriously considering their security use cases through development, partnerships, or driving further market consolidation.
As one of the UK’s largest Managed Security Service Providers (MSSPs), we continue to observe that customers struggle with the complexity of implementing, integrating, and managing SIEM technology despite some improvements to SIEM platforms.
Our clients tend to have large, complex, heterogeneous environments and sometimes lack the in-house expertise to fully utilise the available technology. They also seek simple and transparent commercial models based not on ingestion volume but on the security value they gain from the platform.
Regardless of the SIEM technology chosen, numerous other factors must be considered, including in-house capacity and the ability to use the chosen tools effectively. Often, organisations underestimate the resources and expertise required to derive real security value from their SIEM platform.
At Adarma, we specialise in designing, building, and managing security operations with SIEM at the core. We are experts in platform deployment, integration, and optimisation specific to each organisation’s requirements, as no two enterprises are alike.
Moreover, as strategic partners with Microsoft, Splunk, and CrowdStrike, we bring unparalleled insights and capabilities to the table. Whether you’re looking to enhance your existing SIEM strategy or need co-managed SIEM support, our team can help.
If you’d like to explore your SIEM strategy further, we invite you to schedule a complimentary 30-minute consultation with one of our Principal Consultants. Alternatively, you may explore our SIEM Assessment service for a comprehensive evaluation of your SIEM capability.
We offer tailored threat intelligence, SOC engineering, co-managed security monitoring, and strategic advisory services catering to our customers’ security requirements and business goals.
Our expertise guarantees a balanced approach between security and operational efficiency, safeguarding our customers’ most crucial infrastructure and data. Explore our tailored services and discover why we are the preferred security partner for FTSE 350 organisations and are recognised in the 2024 Gartner Market Guide for Co-Managed Security Monitoring Services.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.
To hear more from us, check out the latest issue of ‘Cyber Insiders,’ our C-suite publication that explores the state of the threat landscape, emerging cyber threats, and the most effective cybersecurity best practices.
You can also listen to our new podcast, which explores what it’s really like to work in cybersecurity in today’s threat landscape.
Stay updated with the latest threat insights from Adarma by following us on X and LinkedIn.