The era has ended: the last independent software SIEM [worth buying] is bought. The biggest SIEM game “winner” (ArcSight) is acquired by HP for about $1.5b. As people are already calling me en masse to comment, here is the post with a random sampling of conclusions, predictions and “lessons learned”:
- Do something better than everybody else and you can win big – even if you start late like ARST did (this comes direct from the Cap’n Obvious, of course :-)) For example, focus on a good UI usable by your target audience as early as possible!
- Appliance SIEM battle was - until now - a sideshow to the SIEM “classic” battle (IMHO). Yes, despite the volume of appliance sales, distributed software SIEM was still seen by many as “the real thing” and appliance SIEM was seen as “maybe for SMBs?” And now appliance SIEM guys get to fight the main war!
- Will HP screw it up? Hmmmm..... with their record in security.... oh, wait, they have a record in security? :-) No further comment.
- It is official: SIEM market again has no leader (at least until HP figures out what to do with ARST). Will anybody else stand up and take the reins while HP is “sorting things out”?
- What is the fate of the appliance SIEM (Express) and log management appliances (Logger)? Well, the answer lies deep inside HP, but my guess is that they will not fare better than they fare now. HP “the home of OpenView” will probably like big messy software more than the boxes.
- Q: Can I please say something related to the news with the word “cloud”? A: Sooooorry, nothing cloudy about it whatsoever.
Winners:
- ArcSight, of course. Big congrats to the crew!! I competed with you a few times, but that does not mean you are not awesome :-)
- Kleiner Perkins with about 20x on the investment; even CIA made some money (via In-Q-Tel), I guess.
- SIEM players close to the top of the totem pole. All will now claim “ah, we are the leader now!”
Losers:
- Whoever was on the shortlist with ArcSight to be acquired by HP. Oops!
- Current HP “SIEM” partner - this vendor now gets to add their own name to the list of failed SIEM vendors :-) Bummer!
- Whoever else wanted to buy ArcSight. Oracle?
- SIEM players close to the bottom of the totem pole. Even fewer people will buy your wares now, especially if HP discounts Express aggressively.