Plaintext Week in Review: State of SIEM
Welcome to Dark Reading in Plaintext, brought to your inbox this week by SecurityBridge. In this issue of Plaintext, we review the biggest news of the week, the ongoing shakeup of the SIEM market. We also take a look at new regulations from the SEC for financial services institutions. If you enjoy Plaintext, please share with friends and colleagues!
Big Changes in the SIEM Market. The biggest news of the week was IBM’s announcement that it was selling the QRadar SaaS portfolio to Palo Alto Networks, effectively exiting the security software business. QRadar Suite is a cloud-native set of shared endpoint security components, including detection and response products (EDR, XDR, and MDR), along with SIEM and SOAR capabilities.
Under the announced terms, current “qualified” QRadar SaaS customers will be provided a no-cost migration path to Cortex XSIAM by IBM and PANW, according to a research note from Forrester’s Allie Mellen, Jeff Pollard, and Joseph Blankenship. “PANW clearly does not have long-term plans for the QRadar SaaS offering,” they wrote. “As soon as contractual obligations run out, existing QRadar SaaS customers need to embrace XSIAM or migrate to a different vendor.”
It's not just QRadar SIEM customers, either. Customers with IBM’s EDR offering, QRadar SOAR, and Randori Recon will also need to consider whether they will migrate to Palo Alto Networks products or to an entirely different vendor.
"I would imagine there are many confused and frustrated QRadar customers [now] looking for answers." Eric Parizo, Omdia
The IBM announcement comes on the heels of private equity giant Thoma Bravo’s announcement that its SIEM company LogRhythm will be merging with rival company Exabeam. The combined company plans to integrate LogRhythm’s legacy and cloud-native SIEM with Exabeam’s user and entity behavior analytics platform. The merger “could be great” for the companies, as LogRhythm has a solid SIEM foundation and Exabeam has a high-quality UBA, according to Allie Mellen, principal analyst at Forrester Research, and Joseph Blankenship, vice-president and research director.
The security analytics platform market has been undergoing a “roller coaster of activity” the past few years, Mellen and Blankenship wrote, with Microsoft entering the market with Sentinel in 2019 and Cisco’s $28 billion acquisition of Splunk in 2023. “Expect more consolidation in the security analytics platform market in the years to come, as well as increased competition from extended detection and response vendors that are pushing into the SecOps space,” they wrote.
SEC to Financial Institutions: You Have 30 Days to Disclose. The Securities and Exchange Commission will require financial institutions to disclose security breaches within 30 days of learning about them. The new changes to Regulation S-P mean institutions such as broker-dealers, investment companies, registered investment advisers, and transfer agents must notify individuals whose personal information was compromised “as soon as practicable, but not later than 30 days” after learning of the incident. Notifications must detail the incident, what information was compromised, and how those affected can protect themselves.
What We Heard On-Air
Tune in to episode 1 of our podcast Dark Reading Confidential, “The CISO and the SEC.” (Spotify, Apple Podcasts, Amazon Music, and Deezer)
“Would you be willing to be a CISO for a small scrappy company that maybe doesn't have infinite resources now knowing that you also have this additional liability there?” Fredrick Lee, CISO, Reddit, Inc.
From Our Library
Check out some of the latest reports from our Dark Reading Library.
On That Note
We are big fans of Cyber Collective and its mission “to spark conversations about the impact of technology, empowering individuals to protect themselves and their communities online.” Check out the latest project — The Cyber Collective Password Journal. Yes, people should be storing passwords in digital password managers, but face it — we know people still write passwords down. Just badgering people to not write them down doesn’t work. Check out what the team is doing — it's good stuff.