Is Security Information and Event Management (SIEM) outdated?
Nick Derks
Enterprise Security | Data & AI | Security Datalake | Automation | Cloud Security | Cyber Security | EDR, XDR, MDR for Endpoints, Cloud & Identity
Cyber security insiders have long suspected that on-premises Security Information and Event Management (SIEM) technology has already ‘had its day.’
This suspicion has now been confirmed by clear signs the market is shifting towards cloud-oriented cybersecurity platforms.
Recent news of SIEM acquisitions and mergers tells a story of market consolidation in the face of more advanced security solutions.
In this newsletter, I’m going to explain what this shift means for users of SIEM, and how the CyberSec landscape is continuing to evolve to meet new challenges.
The end of an era
Last month, Palo Alto Networks announced that they were partnering with IBM - as part of their $500 million acquisition of IBM’s QRadar SIEM SaaS assets.
This deal will see IBM ‘platformize’ their current security offerings, and then train 1000 of their staff to offer advice on migration and adoption of Palo Alto Networks’ products.
Despite the upbeat tone of this new partnership, there’s an underlying truth here: SIEM vendors are on the way out.
The intention of this partnership is not to keep QRadar going, but rather to guide users towards a modern cloud-based alternative.
This announcement draws a thick line under IBM’s foray into SIEM. It also makes abundantly clear that the future of cybersecurity requires something fundamentally different - something that can match the pace and sophistication of modern threats.
What is QRadar, and what does this news mean?
IBM’s QRadar is a cybersecurity product that offers visibility and security monitoring for (on-prem) IT infrastructure.
It provides log data collection, event correlation, threat detection, and appropriate responses for many threats.
Palo Alto Networks’ acquisition of QRadar has huge value to the company - but not because of the technology.
The real asset here is the customers, whom they aim to migrate to Palo Alto Networks’ modern cloud-based platform - a strategy confirmed by Palo Alto Networks CEO Nikesh Arora during a call with analysts.
Many of these customers will already be on the cusp of migrating to a more modern solution - one with all the features people expect today, like AI and XDR.
Does this herald ‘the beginning of the end’ for SIEM?
This isn’t an isolated event – consolidation is a clear trend across the SIEM market.
Cisco also acquired SIEM vendor Splunk earlier this year, and competing vendor LogRhythm announced a merger with Exabeam on the same day as Palo Alto Networks’ acquisition of QRadar.
In fact, many older SIEM vendors are under intense pressure right now.
The underlying technology and paradigm of SIEM are starting to lose their relevance in the face of relentless innovation, better technologies, and the widespread adoption of the cloud.
The rise of extended detection and response (XDR) and AI-powered SecOps, for example, is playing a significant part in the downward spiral of SIEM.
The main takeaway: this trend is set to continue for as long as SIEM continues to be drastically out-competed by more comprehensive cloud platforms and AI-powered cybersecurity solutions, including SentinelOne’s AI Data Lake.
Should you migrate to a new cybersecurity platform?
Threats are proliferating at an unprecedented pace, often incorporating automation and AI to achieve their malign goals.
Whether you’re a user of QRadar or another SIEM solution, it makes good sense to counter these threats by upgrading to an AI-powered platform that offers EPP, EDR, and XDR.
But which one?
Migrating QRadar users to Palo Alto Networks’ cybersecurity platform saves customers from a laborious process of scanning the market, comparing features, and obtaining competitive quotes.
Of course, business as normal is what we all strive for, but the choice about which cybersecurity platform you use must be based on more than convenience alone.
Instead, it’s wiser to see this as an opportunity to reassess your cybersecurity needs, and to investigate all the options before selecting the one that matches your needs.
At SentinelOne, we constantly monitor the latest trends and tactics, so we can keep one step ahead and keep your critical systems running. Our platform uses its own dedicated AI to hunt for threats and to detect attacks using advanced behavioural analysis. Find out more about SentinelOne here.
Managing Director Jarviss Netherlands, a leading Integrator in Cyber Security and Networking
3 months ago
Good read on where SIEM is going
Securing Digital Infrastructure with AI, Machine Learning and Automation for Business Resilience - enjoying life and having fun
3 months ago
Nice one Nick
Major Accounts Manager
3 months ago
Great article Nick Derks, it's all about data right?