"I do think if someone were to come in with a very low-cost toaster type of thing that only did a few things and did them very, very well and very, very easily, there would be an opportunity for something like that," he says. "You still have 20 players in the space. You've got a whole mess of them that are struggling and a couple that are doing very well. And that to me means you're going to continue to have consolidation, and you're probably going to have some erosion as well."
The market is bifurcating, Rothman says. "The big companies in the space, whether they're public or not, are showing good growth whereas a lot of the smaller companies are having a hard time because they're not big enough, they don't get into enough deals, and once they get into a deal, the deal viability issue comes up and makes it hard for them to win it," he says.
SenSage's Gottlieb tends to agree, saying this is one of the reasons there's more room for consolidation. "I think the bigger players that have made acquisitions are going to do a better job going down-market than the smaller players because they can get the scale and they can bring a broader portfolio of things to smaller [enterprises] and leverage their account control and there's less best-of-breed type obsession."
There's also more room for acquisitions because not all of the big vendors have yet completed their SIEM vision, even those with some logging capabilities.
"There are other vendors in that market that are likely to be seen as candidates for someone's arsenal," says Andrew Jaquith, analyst for Forrester Research. "SIEM is part of the security portfolio of some of these large security vendors and companies that want to have an information story. Partly because SIEM plays so well in the compliance market and compliance is a great market for any large company to be providing solutions for.
"Because the product is so complex, you need somebody to tie them together, so if you're IBM or Microsoft or Symantec, for purposes of consolidating what you already have or for gluing some of your own acquisitions together, it certainly would make sense," he says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.