News analysis Q&A: Shake up of the SIEM, UEBA markets continues as LogRhythm-Exabeam merge

By Byron V. Acohido

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense.

Related: Cisco pays $28 billion for Splunk

LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Forrester Principal Analyst Allie Mellen observes: “The combined organization is likely to push hard in the midmarket, where LogRhythm’s existing suite has had success and the Exabeam user experience makes it a more natural fit.”

Despite the promising synergies, Mellen cautioned that the merger alone would not resolve all challenges. “Both of these companies have faced challenges in recent years that are not solved by a merger,” she adds. “These include difficulty keeping pace with market innovation and with the transition to the cloud.” she said.

Last Watchdog engaged Mellon in a drill down on other ramifications. Here’s that exchange, edited for clarity and length.

LW: How difficult is it going to be for LogRhythm and Exabeam to align their differing market focuses; what potential conflicts are they going to have to resolve?


Mellen: The companies have dramatically different company cultures and processes, as LogRhythm is a veteran security companyfounded in 2003 with a focus on a suite-style offering, while Exabeam is, by comparison, a younger company founded in 2012 with a focus on modular, stand-alone products.

In addition, both companies have faced challenges in recent years that are not solved by a merger: difficulty keeping pace with market innovation and with the transition to the cloud. LogRhythm has traditionally focused on the midmarket, while Exabeam aggressively pursued large enterprise deals, highlighting a difference in target market that must be bridged.

LW: How do you see them competing against the hyperscalers, i.e. Microsot, AWS and Google, who are muscling into this space?

Mellen: Since 2018 we have talked about how the Tech Titans are changing the cybersecurity market. The past few years have demonstrated the accuracy of that prediction, with Microsoft, AWS, and GCP having an outsize impact on the security market.

This acquisition is, in part, to help both companies continue to be competitive in this market against the likes of the Tech Titans. However, while the hyperscalers are investing heavily in security, the combined entity will be playing catch-up trying to integrate two very different products and companies into one.

LW:  What specific areas of innovation should the merged entity prioritize to stay competitive?

Mellen: LogRhythm and Exabeam are likely to experience a period of innovation stagnation as they work to combine. The most important first step for them: getting the combined entity and products aligned. Once they have addressed that, the innovation they push forward should be focused on serving the mid market. That’s where they can have the most impact with the combined offering. As always, ease of use, log pipeline management, and quality of analytics are some of the biggest challenges for SIEM vendors and should be the combined entity’s focus.

LW: In what ways could the combined concerns better serve mid-market enterprises, perhaps even SMBs, as well?

Mellen: The combined entity should target the mid market and SMBs. LogRhythm has focused there, and though Exabeam previously targeted large enterprise, its user interface and ease of user makes it a good fit to bring down market.

LW: Anything else?

Mellen: Between this merger, Cisco’s acquisition of Splunk, and IBM selling QRadar assets to Palo Alto Networks, the SIEM market is undergoing a series of high-profile changes. Much of this is driven by pressure from the Tech Titans, XDR providers, and the realities of a hybrid, multi-cloud world. Expect more consolidation in the SIEM market in the next year.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone