CEO Chris O’Malley on the reasons for the merger of LogRhythm and Exabeam

The combined company will standardize on Exabeam’s New-Scale cloud SIEM product, as it has gained traction in the market since its debut in October 2022, and retire LogRhythm’s competing Axon offering. Due to New-Scale’s success, the company will continue under the Exabeam name, but with Chris O’Malley – who led Thoma Bravo-owned LogRhythm since February 2022 – as its top executive.

“We’ve both done great work over the last few years. But when we look at the face we want to present to the world, Exabeam’s is just a more innovative brand,” O’Malley told Information Security Media Group. “And New-Scale in particular is the product we’re betting on.”

Thoma Bravo – which acquired a majority stake in LogRhythm in July 2018 – will be the majority owner of the combined company, while venture-backed firm Exabeam’s investors – including Blue Owl Capital, Sapphire Ventures and Lightspeed Venture Partners – will retain a minority stake. Adam Geller – who joined Exabeam as Chief Product Officer in June 2020 and became CEO in June 2023 – will leave the company (see: SIEM specialist LogRhythm merges with Exabeam).

The way forward for Exabeam

As CEO, O’Malley aims to maintain the current pace of innovation for cloud-based and on-premise SIEM systems while creating a business platform that can aggregate technology through acquisitions and achieve sustainable growth. O’Malley said his experience with both product innovation and business platform creation makes him a good fit to continue as CEO and will be essential to navigating the security market.

Nearly 600 organizations have adopted Exabeam New-Scale in just 21 months. O’Malley said the product helps CISOs transform generalists into Level 1 analysts, continuously improve their security operations and effectively communicate value to justify investment. Specifically, New-Scale increases investigative capabilities with AI, provides maturity assessments and helps with performance evaluation of progress.

O’Malley said the use of generative AI in Exabeam’s platform has significantly reduced security incident investigation times, improving the efficiency and effectiveness of security operations. New-Scale supports CISOs by providing context and guidance on next steps, as well as robust methods to communicate the value of security investments to stakeholders, which is critical given tighter budgets.

“I’ve never met a CISO who thinks they have more money than they need,” O’Malley said. “They’re woefully underfunded. And part of that is they’re not able to communicate well the progress they’re making.”

There are significant growth opportunities for the company’s on-premises SIEM in regions and countries that have rejected cloud solutions for cost or security reasons, such as the Middle East, Africa, India and Taiwan, O’Malley said. IBM’s push to migrate on-premises QRadar customers to Palo Alto Networks’ cloud-based XSIAM offering means Splunk is now Exabeam’s only serious competitor for on-premises SIEM.

The new leadership team will consist of seven LogRhythm graduates and three Exabeam graduates. The Exabeam graduates were selected to lead product management and sales, according to O’Malley, and the LogRhythm graduates will help with the stability and scalability of the business platform. He said the combined company’s leadership team leans more toward LogRhythm employees because of their experience in creating a strong business platform.

Are there any further mergers and acquisitions planned for Exabeam in the future?

Although the merger has doubled the size of the company, O’Malley said Exabeam is focused on profitability and aims to return to the “rule of 40” within a few years, where the sum of the company’s revenue growth rate and profit margin exceed 40%. Investments will therefore be focused on high-growth areas such as product and sales, and difficult decisions will have to be made to increase efficiencies in areas such as human resources and finance.

“In a merger of equals, there are two of everything, so we are making the tough decisions about the best talent to move the company forward,” O’Malley said. “We are making the tough decisions necessary to create a lean fighting machine.”

In the future, O’Malley said, Exabeam is open to acquisitions in related cybersecurity areas to expand its product portfolio and take advantage of current market conditions in which many vendors are struggling to survive. Combining innovative technologies – both internally developed and through acquisitions – with efficient business practices will make Exabeam a consolidator in the cybersecurity market, O’Malley said.

From a metrics perspective, O’Malley said Exabeam plans to monitor customer satisfaction, employee engagement and operational efficiency and focus on continuous improvement and innovation. The deal will make Exabeam the world’s largest pure-play security operations provider, and O’Malley said the company plans to leverage DevOps, value stream management and agile methodologies to stay ahead.

“We are by far the largest security operations-only provider on the planet, at least twice the size of anyone else in the market,” O’Malley said.