Sources: Symantec Is Looking To Break Into The SIEM Market

Symantec has recently evaluated potential acquisitions that would bring it back to the SIEM (security information and event management) market, according to CRN sources and published reports.

Symantec is said to have recently explored the prospect of buying RSA from Dell Technologies, according to sources close to RSA and Symantec. Multiple sources reached by CRN said it does not appear that talks are ongoing between the two companies.

However, Symantec didn't stop shopping there. On Wednesday, Bloomberg reported that Symantec had held discussions with Splunk for a possible acquisition. Splunk has been making big investments around its security portfolio as it looks to provide a next-generation SIEM and analytics solution. Bloomberg reported that the talks were called off after Symantec started probing Splunk finances compared to its valuation, which currently sits around $9.4 billion.

[Related: Symantec President: We Aren't Done Making Acquisitions Yet]

Sponsored post

Symantec did not respond to CRN requests for comment. RSA said it doesn't comment on rumors or speculation.

The talks come as Symantec looks to build out its vast cybersecurity platform. The company has already made multiple acquisitions in the past year, in areas such as cloud security, mobile security, threat prevention, identity protection, and more. The company does not have a SIEM offering; it exited that business in 2013 by discontinuing its Symantec Security Information Manager offering.

RSA and Splunk both stand out in the market as SIEM specialists and security market leaders.

RSA offers a broad portfolio of security solutions, including offerings in identity and access management with SecurID; SIEM and threat detection and response with NetWitness; governance, risk and compliance with Archer; and fraud prevention. Symantec overlaps in just one area – it, too, offers identity and access management and GRC solutions.

Splunk's new approach to the SIEM market has garnered much attention as it streamlines security operations with machine learning, real-time data, analytics and security management. The company also offers anti-fraud, log management, ransomware and security investigation technologies.

Other standalone companies in the SIEM or security analytics space include LogRhythm, Exabeam, SumoLogic, and Cybereason. IBM, HPE and McAfee also offer SIEM solutions.

In a recent interview with CRN, Symantec President and COO Michael Fey said the company is looking to make further acquisitions. He did not specify what areas Symantec would evaluate, saying only that it will focus on areas that "add value and metrics" to the portfolio.

"There will be other acquisitions, certainly," Fey said. "We're not afraid to acquire because we've already shown we can be successful with the integrations and our customers are stronger today."

Partners who spoke to by CRN on the condition of anonymity said Symantec could build a compelling offering if it could take a SIEM solution and tie it together with its existing products and threat intelligence capabilities.

Robert Keblusek, CTO of Sentinel Technologies, a Downers Grove, Ill.-based Symantec and Splunk partner, said a move to break Symantec into the SIEM market could make a lot of sense for the security vendor. He said he is seeing increased demand for SIEM solutions from customers and a combination with Symantec could bring Splunk and SIEM to a broader set of customers.

"Symantec is not known for having any prominence in the SIEM market. We're seeing a lot of uptick in having to have a SIEM; It's probably one of our hottest tools," Keblusek said.

Keblusek, who had no direct knowledge of Symantec acquisition talks, said Splunk could also be a good move for Symantec, saying it would give "immediate credibility" to the company's security business in the enterprise. "The combination could be a very interesting one. I think it would definitely add some visibility to Symantec and add more prominence. They're already prominent, but when I think of Splunk, I think of enterprise level SIEM services. That’s a good place for Symantec to be," Keblusek said.