Tag Archives: Arcsigt

Is the SIEM Landscape Changing?

Log-Management-DiagramIf you follow the IT news feeds, you probably learned today that HP bought ArcSight for $1.5 billions. ArcSight is not a known public name but is a leader on the SIEM (“Security Information & Event Management“) market. This announce already generated lot of comments, positive as negative.

Log management, security incidents and such related stuffs are of a great interest to me and (why keep it secret?), I work with ArcSight products. This news directly interested me. What could change in the security landscape from my little point of view?

ArcSight is was a stand-alone, profitable company which focus on SIEM solutions. This means that they MUST stay at the state of the art in their domain. They do not have alternative revenues. They have to pull the market upwards.

Now that they will be integrated into the HP “products portfolio”, they are risks to see the SIEM products proposed between other security tools. But a SIEM is first of all a process! It’s not just a few boxes with licenses and maintenance contracts. Will there be the same story as EMC² which took control of RSA which previously took control of Network Intelligence and their enVision product? The decision of HP sounds logical, they don’t have a SIEM nor log management solutions right now and, as the market is growing, they have to propose a solution to their customers. But, dear HP, please do NOT consider ArcSight as a new component of your HP OpenView suite. Please!

From a positive point of view now, it’s a big win for ArcSight, congratulations Guys and keep up the good work! Personally, I don’t care of the boxes. Delivered with blue covers instead of red ones, running on Dell or Proliant hardware, who cares? We don’t see them in the data centers but please don’t loose your identity and stay in the upper-right part of the magic quadrant!