SIEM: What’s Been Making Waves in 2024
In 2024, top cybersecurity players like Palo Alto Networks, Cisco, Fortinet, IBM, Microsoft, and CrowdStrike have made big moves in the SIEM market with key mergers and product launches.
Take a quick look at the key events shaping the SIEM market in 2024 from our perspective – from partnerships between industry giants and the biggest SIEM acquisition to the surprising merger of unlikely rivals, LogRhythm and Exabeam.
Splunk becomes part of Cisco

Cisco made waves with its biggest purchase ever – snapping up Splunk for $28 billion. The deal grabbed attention across tech and financial markets. Cisco’s stock dipped 4% to $53.24, while Splunk’s stock jumped 21% to $144, still a bit shy of the $157 per share Cisco paid. The acquisition reflects Cisco’s strategic shift towards a more software-centric and subscription-based service model, aligning with the broader industry trend.
Palo Alto Networks acquires QRadar

IBM has sold its QRadar software-as-a-service (SaaS) assets to Palo Alto Networks, enabling the integration of QRadar’s advanced threat detection into Palo Alto’s Cortex XSIAM platform. The partnership also sees IBM adopting Palo Alto’s platform for its own internal security solutions, making Palo Alto the preferred cybersecurity partner across IBM’s network, cloud, and SOC needs. Additionally, Palo Alto Networks has integrated IBM’s Watsonx large language models (LLMs) into Cortex XSIAM, boosting its Precision AI™ capabilities. As part of this collaboration, IBM deepened its commitment to Palo Alto Networks’ technology by deploying Cortex XSIAM and Prisma SASE 3.0 for zero-trust network security in its own operations.
A merger of opposites: LogRhythm and Exabeam

LogRhythm and Exabeam have merged under the Exabeam name, uniting two contrasting companies. LogRhythm, a veteran in suite-style SIEM solutions, has struggled in recent years to transition to the cloud and primarily serves the midmarket. In contrast, Exabeam, known for modular products and advanced AI-driven features like UEBA and Exabeam Copilot, has focused on large enterprise clients. The merger aimed to combine LogRhythm’s SIEM foundation with Exabeam’s cutting-edge analytics, creating a stronger, AI-enhanced offering. The new company is led by Chris O’Malley, former CEO of LogRhythm.
CrowdStrike opened Falcon Next-Gen SIEM to third-party data sources

CrowdStrike has expanded its Falcon® Next-Gen SIEM to integrate data from over 500 third-party independent software vendors (ISVs), including major players like AWS, Cloudflare, Okta, and Zscaler. This integration enables smooth data sharing and combines with Falcon’s AI, threat intelligence, and workflow automation. This move addressed the big challenges of traditional SIEM systems, which often struggle with data silos and slow response times, especially as security threats continue to evolve rapidly.
Microsoft Sentinel expands with new integrations

In April, Microsoft launched a public preview of its unified security operations platform, integrating cloud-native SIEM features from Microsoft Sentinel with Defender XDR and GenAI capabilities. At Ignite 2024, Microsoft also announced new integrations with various partners, expanding Sentinel’s capabilities, including solutions from 1Password, Cisco Secure Email Threat Defense, Cribl Stream, FortiNDR Cloud, and Pure Storage, among others, enhancing threat detection, response, and overall security operations.
Written by
Jana Tom is a Founder at ELLIO, a research lab deeply focused on defending against mass exploitation and network reconnaissance. Jana oversees the company’s mission to help organizations eliminate threats early, before they become costly and drain resources.