SIEM Market Consolidation: What Does This Mean for Customers?

Unpacking the SIEM Merger Shuffle  


There is a lot of upheaval in the SIEM market. Exabeam and LogRhythm announced merger plans on the same day that Palo Alto said they’re buying IBM’s legacy QRadar product. Of course, the predecessor to these announcements was Cisco’s $28 Billion acquisition of Splunk. According to the Harvard Business Review, 70-90% of mergers & acquisitions fail. There is a good reason why SIEM customers are antsy right now. Let’s unpack the current state of the SIEM Merger Shuffle. 

While Cisco’s acquisition of Splunk isn’t ‘new’ news, it was certainly the #1 topic of conversation at this year’s RSA Conference in San Francisco. CISCO acquired nine companies in nine months in 2023 including its purchase of Splunk. While it remains to be seen what they do with their expensive purchase, Splunk’s skyrocketing costs and lack of innovation were already tarnishing the company’s image. Customers are left wondering what’s in store, especially given CISCO’s less than stellar track record of successfully merging companies into its massive portfolio (remember Linksys & Pure Digital anyone?). 

Palo Alto’s announcement that they’re buying IBM’s legacy QRadar comes as a surprise, even as their Cortex ISIAM has languished to find traction (do two wrongs make a right?). But that’s a story for another day as it will take more investigation to understand.  

For now, let’s explore the Exabeam and LogRhythm announcement, which seems logical on paper. Forrester analyst Allie Mellon’s article about it is worth a read. She explores some interesting points around the idea of “opposites attract” and cautions “expect a tumultuous short term and an unknown long term”.  

Alternately, what if two Category 4 hurricanes bumped into each other, would it create the perfect storm or the perfect mess? Here are some things to consider.  

Clash of Cultures 


When two well established corporate cultures and brands are thrown together, there is a winner and a loser – both can’t prevail. Who will be the winner here? Exabeam – known more for its UBA technology than SIEM, or LogRhythm – who has struggled to successfully transition customers to the cloud given their deep roots in Europe and on-premises deployments. It’s inevitable that employees from both companies will start to disperse as battles for supremacy play out. This loss of tribal knowledge and expertise can impact product development teams, support structure, sales, legal, etc.  

Product Development  


There will undoubtedly be an exodus of R&D talent because of the merger. These are two vastly different technology platforms. Struggling to integrate them puts innovation and new updates on the back burner while engineering is tasked with a very difficult task. Product roadmaps go out the window and customers often bear the brunt of uncertainty with valid questions like: Will my product be sunset? Will it change? Will it be supported? Are the new features I was promised still on the roadmap, or will they be delivered on time?  



In the case of Exabeam and LogRhythm, their support organizations were created to support midmarket (former) and large enterprise (latter). The two don’t necessarily combine easily and can lead to an involuntary and voluntary departure of support personnel. Again, customers are left to deal with the fallout with unanswered questions like: Will my customer success manager or technical account manager, that knows my company inside and out, still be there or will I have to start from scratch? Will there be a new support portal or process? What about our SLAs?   



The combination of two disparate sales organizations may not seem like a huge issue on its surface. But sales are about relationships, and if the person you have built a relationship with leaves, it can be disruptive. For customers, it leads to questions like: Will I be assigned a new account manager? What about my upgrade or renewal quote, will it be honored?  



There is a long list of other concerns that a merger of this size creates. Some that come to mind are billing, legal and partnerships. Will my contract be honored? Will I have to sign a new contract or MSA? How does this impact billing and accounts payable? What about our SLAs? Will the procurement process change? What partnerships and integrations will be impacted by the merger?  

Stark Contrast: Radical Uncertainty vs Radical Clarity 

While the world is full of unknowns, especially among SIEM vendors today, one thing is certain – Gurucul is the last purpose-built security analytics platform left standing. We were built from the ground up more than a decade ago with the sole purpose of finding true threats and enabling a rapid response. Unlike our peers, we forged a different path. Instead of taking on big investment rounds, we bootstrapped our company and focused on innovation. We’ve continued to innovate to keep our open and flexible architecture current with the times (deploy in any IT estate, quickly and with minimal migration headaches).  keeping the architecture current and up to market demands. We’ve scaled our platform to petabytes and curate threat content on a weekly basis. Our machine learning modules have been fine-tuned to detect Zero Day and unknown threats. Our Data Optimizer gives you the ability to filter, search, and analyze the data you need, for 50% less than you’re paying today for multiple tools to accomplish the same thing.  

 So, we ask you: do you prefer radical uncertainty or radical clarity? 

We can help you cut through the noise and explore alternative solutions that best fit your needs going forward. Connect with us today. 

Gurucul’s REVEAL is the industry’s only unified, purpose-built and cloud-native platform that provides Next-Generation SIEM, UEBA, SOAR, Identity Analytics and Data Optimizer, which can eliminate the need for tools like CRIBL and save you at least 50% of your costs. The same engineering leadership team has been quietly innovating our product for more than a decade. It’s one of the many reasons we believe we are positioned farthest to the right for completeness of Vision in the 2024 Gartner® Magic Quadrant™ for SIEM.