Security Information & Event Management (SIEM) , Security Operations

Palo Alto to Acquire IBM QRadar SIEM Business

IBM Leans Ever More Heavily on Palo Alto for Tech
Palo Alto to Acquire IBM QRadar SIEM Business
Palo Alto says it will acquire IBM's QRadar, creating another shift in the SIEM market. (Image: Shutterstock)

Palo Alto Networks is set to intertwine even more tightly with IBM following a postmarket close announcement Wednesday that the cybersecurity firm will purchase IBM's SIEM business.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

The agreement makes Palo Alto Networks IBM's "preferred cybersecurity partner across network, cloud and SOC" and positions the California company to acquire IBM QRadar security information and event management software-as-a-service offering and customers.

The companies didn't disclose terms of the deal, which requires regulatory approval. The deal should close by the end of September, they said. "Qualified customers" of IBM QRadar will migrate at no cost to Palo Alto. Customers with on-premises QRadar instances "will continue to receive IBM features and support including security, usability and critical bug fixes, as well as updates to existing connectors and the ability to expand consumption," IBM said.

The deal essentially positions IBM as a Palo Alto "reseller and integration partner," said Forrester analysts. Analysts have raised questions about IBM sales trends after the company fell short of estimates during the most recent quarter. IBM finished trading Thursday up less than 1% while Palo Alto went up by 1.4%.

IBM Consulting in April 2023 inked an agreement to integrate Palo Alto's Cortex XSIAM into its threat detection and response services.

"We already partner well with Palo Alto on firewalls, on SASE, and other products. This is going to allow us to partner on threat management," IBM CEO Arvind Krishna told CNBC.

The acquisition is further evidence of consolidation in the SIEM market, coming on the heels of Wednesday's merger announcement from LogRhythm and Exabeam (see: SIEM Stalwart LogRhythm to Merge With Exabeam). Market watchers have said that Cisco's now-closed $28 billion acquisition of Splunk would likely cause turbulence in the market as firms look for ways to displace the SIEM stalwart with stepped-up offerings that take advantage of doubt over Cisco's tutelage of a security software offering. IDC data from 2022 shows IBM holding approximately 12% of the SIEM market, making it the third-largest after Splunk and Microsoft.

Palo Alto is a relative newcomer to the SOC mainstay technology. It debuted XSIAM in 2022 and exceeded expectations by obtaining $200 million in sales during the 2023 fiscal year, the company told investors.

IBM has sold the SIEM since its 2011 acquisition of Q1 Labs. Gartner has consistently rated IBM a SIEM leader, but it has also criticized it for complex implementation and slow innovation.

"This is a far-reaching agreement where IBM is going to sell a lot more cybersecurity with Palo Alto, embracing our entire portfolio," said Palo Alto CEO Nikesh Arora on CNBC.

The deal also includes IBM's QRadar Software and commits Palo Alto to incorporating IBM's watsonx large language models into XSIAM. The watsonx portion of the deal is "partnership hype," said Forrester. "Watson, as the first AI assistant for security, never delivered on its promise to change SecOps," the analysts said.


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.