Skip to content

File Under “Mergers & Acquisitions”

October 4, 2011

Well, this week two more SIEM vendors have been snatched up. bringing the total number of acquired SIEM technologies to… let’s see here… Network Intelligence (bought by RSA/EMC), Arcsight (acquired by HP), Q1 Labs (to IBM), and Nitro (bought by McAfee), e-Security (acquired by Novell), Trigeo (bought by Solarwinds), Protego (acquired by Cisco, and turned into Cisco MARS), and Consul (purchased by IBM) — that’s four in recent memory, and even more if you go back a few years.  Why all the flurry of activity?

A lot has been made of eIQ’s recent statement that “SIEM is Dead“, with multiple pundits pointing out that, if SIEM is truly dead, why would big players such as IBM and McAfee be acquiring two prominent SIEM vendors?  Well, the answer to that question lies in exactly what these vendors plan on doing with their newly-acquired tools.  As announced in both the IBM press release and the McAfee press release, both vendors plan on using their new SIEM tools as one component of an overall technology offering to provide advanced threat detection and compliance automation.  Sound familiar?  It should… this has been eIQnetworks’ message of “Unified Situational Awareness” for some time.  Neither IBM nor McAfee is leaving these SIEM acquisitions on their own to function as independent revenue streams; both vendors recognize the need to expand security visibility beyond what SIEM can do on its own, and both will be furiously trying to integrate their new SIEM acquisitions with other products the’ve bought or built over the years.  Both IBM and McAfee recognize that customers need SIEM augmented with other security data; as a result, the IBM and McAfee acquisitions clearly validate eIQ’s message that SIEM is Dead.

Of course, eIQnetworks isn’t the only organization to claim that the next era of security monitoring – one that delivers situational awareness – is what’s needed to address today’s modern security threats.  Gartner’s recent research note on situational awareness clearly  stated that any solution delivering situational awareness solution should collect, analyze, correlate and report on all security and compliance data as well as provide long term historical archival and forensics analysis.  So, everyone is trying to get to that position in the market.  The difference, of course, is in how eIQ’s delivery of situational awareness differs from these big vendors’ pending solutions.  Fortunately, the differences couldn’t be more clear.

IBM and McAfee, like HP before it, are trying to take an M&A approach to developing an intelligent security platform that delivers situational awareness.  The main problem with that approach is one of logistics: if you’re buying up five, six or more different technologies (or in IBM’s case, ten!), what you have is a bunch of different technologies that most likely have a hodgepodge of different back-end databases, coding styles, APIs, and other components.  Why is that a problem?  Because the underlying value of situational awareness is not simply in the collection of data, but in the fast, efficient correlation of that data, ad hoc querying, fast forensics, and a unified view of security posture.  How will these vendors get all of these tools to “talk” to each other?  Well, certainly not by simply building a “brand” around a collection of tools — a marketing exercise does not make a platform!

Unlike these hodgepodge approaches to unifying security data, SecureVue from eIQnetworks was built from day one with a focus on fast, integrated security data that collects, analyzes, correlates, reports all security and compliance data in a unified product.  SecureVue natively collects a massive range of security information — from logs and other event data, to asset data, configuration state, network traffic analytics, performance and availability metrics, native FIM, and much more.  Of course, we also work with existing technologies in our customers’ environments, including SIEM, DLP, DAM, and a wide range of other security tools.  For eIQnetworks, there is no “technology integration issue”.

Another big problem with the M&A approach of IBM and McAfee is that it will still require customers to buy multiple products; the difference is they’ll just be buying them all from a single vendor.  If you want SIEM, and configuration assessment capabilities, and network behavioral analysis, and FIM… well, these vendors can certainly give it to you: for a price.  Again, that is not situational awareness; it’s simply a pick-and-choose approach to security products, some of which may — or may not – integrate with others.  When they fail at their integration efforts, they simply give up (like IBM gave up on their prior SIEM acquisition of Consul; or CISCO walking away from Cisco MARS) and acquire some other company to go through the exercise again with no real benefit to the customers.

At eIQnetworks, we realize that true situational awareness is not a pick-and-choose endeavor; you need all security data.  Unlike a vendor with a portfolio of different tools, however, with SecureVue customers get the ability to collect, correlate and analyze all security data.  We don’t “nickel-and-dime” our customers, because that’s the wrong approach to security.  With SecureVue, customers get everything they need in a true platform — not simply a collection of point tools that may (or may not) collect and integrate all the security data they need.  SecureVue helps maintain awareness of the security state of information systems by providing provides the most accurate, timely and coherent view of the threat, compliance and risk posture across the enterprise.

For incumbent Q1 and Nitro customers, another obstacles that they now face — and perhaps the most challenging one – is the fact that the new owners of their incumbent technologies drive a lot of revenue from services.  Existing Q1 and Nitro customers should fully expect to receive a barrage of offers for professional services from these vendors, that include a strong push for customization.  We certainly wish the best for existing Q1 Labs and Nitro Security customers, but if history has any bearing on the migration of their technologies to a new vendor, there may be rough seas ahead.

Unlike these vendors, eIQnetworks is almost entirely a product-driven company.  We don’t have a massive services bench, because our customers don’t need us to have one.  We’re focused on efficiency, ease of use, and most importantly, simple integration into your existing environment.  And most of all, we don’t push our customers to “rip-and-replace” their existing investments in security technologies, because we work with those technologies out-of-box (even SIEM!).

To IBM and McAfee, we applaud their recognition that their customers need a broader range of security data than what SIEM (or any other point product) can provide — we’ve been saying that for years, and it’s great to see that they’re validating our position.  SIEM is dead… long live situational awareness!

To read our posts outlining why we believe SIEM is Dead start here

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: