
SIEM: What’s been making waves in 2024?

SIEM Market 2024

In 2024, top cybersecurity players like Palo Alto Networks, Cisco, Fortinet, IBM, Microsoft, or CrowdStrike have made big moves in the SIEM market with key mergers and product launches.

Let’s take a quick look at the key events shaping the SIEM market in 2024 from our perspective, spanning the full spectrum – from groundbreaking partnerships between industry giants and the largest acquisition in SIEM to the unexpected merger of opposites: LogRhythm and Exabeam.

1. Splunk becomes part of Cisco

Cisco made waves with its biggest purchase ever - snapping up Splunk for $28 billion. The deal grabbed attention across tech and financial markets. Cisco’s stock dipped 4% to $53.24, while Splunk’s stock jumped 21% to $144, still a bit shy of the $157 per share Cisco paid. The acquisition reflects Cisco’s strategic shift towards a more software-centric and subscription-based service model, aligning with the broader industry trend.
Source: Cisco website

2. Palo Alto Networks acquires QRadar

Source: IBM website

IBM has sold its QRadar software-as-a-service (SaaS) assets to Palo Alto Networks, enabling the integration of QRadar’s advanced threat detection into Palo Alto’s Cortex XSIAM platform. The partnership also sees IBM adopting Palo Alto’s platform for its own internal security solutions, making Palo Alto the preferred cybersecurity partner across IBM’s network, cloud, and SOC needs. Additionally, Palo Alto Networks has integrated IBM’s Watsonx large language models (LLMs) into Cortex XSIAM, boosting its Precision AI™ capabilities. As part of this collaboration, IBM deepened its commitment to Palo Alto Networks’ technology by deploying Cortex XSIAM and Prisma SASE 3.0 for zero-trust network security in its own operations.

3. A merger of opposites: LogRhythm and Exabeam

LogRhythm and Exabeam have merged under the Exabeam name, uniting two contrasting companies with complementary strengths. LogRhythm, a veteran in suite-style SIEM solutions, has struggled in recent years to transition to the cloud and primarily serves the midmarket. In contrast, Exabeam, known for modular products and advanced AI-driven features like UEBA and Exabeam Copilot, has focused on large enterprise clients. The merger aimed to combine LogRhythm's SIEM foundation with Exabeam’s cutting-edge analytics, creating a stronger, AI-enhanced offering. The new company is led by Chris O’Malley, former CEO of LogRhythm.
Source: Exabeam website

4. CrowdStrike opened Falcon Next-Gen SIEM to third-party data sources

CrowdStrike has expanded its Falcon® Next-Gen SIEM to integrate data from over 500 third-party independent software vendors (ISVs), including major players like AWS, Cloudflare, Okta, and Zscaler. This integration enables smooth data sharing and combines third-party data with Falcon’s AI, threat intelligence, and workflow automation. The move addresses the big challenges of traditional SIEM systems, which often struggle with data silos and slow response times, especially as security threats continue to evolve rapidly.
Source: CrowdStrike website

5. Microsoft Sentinel expands with new integrations

In April, Microsoft launched a public preview of its unified security operations platform, integrating cloud-native SIEM features from Microsoft Sentinel with Defender XDR and GenAI capabilities. At Ignite 2024, Microsoft also announced new integrations with various partners, expanding Sentinel’s capabilities with solutions from 1Password, Cisco Secure Email Threat Defense, Cribl Stream, FortiNDR Cloud, and Pure Storage, among others, to enhance threat detection, response, and overall security operations.
Source: Microsoft website

Tired of non-critical events wasting your SOC time?

In cybersecurity, data is everything – timely, reliable data drives the right decisions. But with the sheer volume collected, every security analyst faces the same tough challenge: spotting the truly critical alerts hidden within a flood of non-urgent cybernoise.

ELLIO Virtual SOC Analyst works 24/7 in real-time to identify and filter out non-urgent, low-priority events directly within your SIEM, SOAR, or TIP. This allows your SOC team to focus on critical threats that matter, eliminating the distraction of investigating non-urgent cyber noise. Find out how ELLIO benefits SIEM users: https://ellio.tech/use-cases/threat-intelligence-for-soc

About ELLIO
ELLIO is a leading expert on mass exploitation, cyber deception, and opportunistic reconnaissance, delivering real-time, accurate threat intelligence that automates triage and reduces alert fatigue in SIEM, SOAR, and TIP tools, and accelerates incident response and threat hunting. ELLIO also offers the largest and most dynamic threat lists (blocklists) and a blocklist management platform to strengthen perimeter and firewall defences.
