IBM QRadar Acquisition By Palo Alto Networks Marks ‘Sea Change’ In SIEM Market: Analyst

‘This is the biggest concession of a SIEM vendor to an XDR vendor so far,’ writes Forrester’s Allie Mellen.

With Palo Alto Networks slated to acquire IBM’s QRadar assets, the deal is a sign of where things are headed in the rapidly consolidating market for security operations platforms as traditional SIEM loses favor, according to a Forrester analyst.

The companies announced an agreement Wednesday that sets up cybersecurity giant Palo Alto Networks to acquire IBM’s QRadar software-as-a-service assets. The move will lead to QRadar SaaS customers being migrated onto Palo Alto Networks’ Cortex XSIAM (extended security intelligence and automation management) platform, the vendors said.

XSIAM is Palo Alto Networks’ AI-powered platform for security operations teams, which competes with SIEM (security information and event management). XSIAM has seen rapid customer adoption since its debut in late 2022 and has also helped to drive Palo Alto Networks’ XDR (extended detection and response) offering — which must also be used by customers looking to deploy the vendor’s XSIAM platform.

The planned acquisition of IBM’s QRadar assets by Palo Alto Networks is the latest example of accelerating consolidation in the security operations market, and this shift is expected to continue to be driven by XDR vendors that are “aggressively pushing into the SIEM space,” wrote Allie Mellen, principal analyst at Forrester, in a blog post Thursday.

Notably, “this is the biggest concession of a SIEM vendor to an XDR vendor so far and signals a sea change for the threat detection and response market,” Mellen wrote.

Meanwhile, with Palo Alto Networks’ XSIAM offering, “security buyers may be finally getting the SIEM alternative they’ve been seeking for years,” she wrote.

The agreement was in fact the second security operations consolidation deal announced on Wednesday, following the disclosure earlier in the day that SIEM vendors LogRhythm and Exabeam plan to merge.

The planned acquisition also follows Cisco’s $28 billion acquisition of SIEM stalwart Splunk in March and growing competition in the market from vendors including Microsoft and CrowdStrike.

Migration To XSIAM

The terms of the acquisition deal between Palo Alto Networks and IBM weren’t disclosed. The deal is expected to close by the end of September.

The companies said Wednesday they will “facilitate the migration” of QRadar SaaS customers to Palo Alto Networks’ fast-growing XSIAM platform once the acquisition closes. On-premises QRadar customers will continue to receive updates and support, the companies said.

Palo Alto Networks said the planned acquisition will include rights to QRadar intellectual property, however.

IBM’s QRadar business originated with the tech giant’s acquisition of Q1 Labs in 2011. A year ago, IBM launched its updated QRadar Suite, which has been delivered via SaaS and has included re-architected threat detection and response offerings.

The QRadar platform has not kept up on innovation with newer security operations technologies, though, leading to the acquisition deal announced this week, according to Mellen.

Meanwhile, even though Palo Alto Networks has seen strong growth for XSIAM, “getting to the scale of customers that legacy SIEM vendors and some of the bigger players have is a long road,” Mellen wrote. The QRadar SaaS acquisition thus is “going to speed things up a bit,” she wrote.

At cybersecurity powerhouse Optiv — No. 24 on CRN’s Solution Provider 500 and a top Palo Alto Networks partner — CISO Max Shier said in a previous interview that XSIAM is proving to be a “significant change in how you look at SIEMs and how you integrate data.”

“The things that you can do in XSIAM are pretty amazing. It’s like a SOC-in-a-box,” Shier said at the time. “It’s a great product.”

‘Holy Grail Of Security’

In an interview with CRN last year, Palo Alto Networks CEO Nikesh Arora said that the company’s XSIAM technology enables the unprecedented capability of “real-time security,” with its ability to thwart cyberattacks as they’re happening.

That is truly “the Holy Grail of security,” Arora told CRN at the time.

In November, Palo Alto Networks debuted XSIAM 2.0, including major updates around the user experience and support for custom machine-learning models. And in April, the company launched its new Cortex XSIAM for Cloud module, which introduced cloud detection and response (CDR) capabilities to the XSIAM platform.