IBM's surprise departure from cybersecurity software this week didn't just rearrange the competitive landscape - it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs.
IBM has agreed to sell the QRadar SaaS portfolio to Palo Alto Networks for an undisclosed sum.
After years of development, IBM started rolling out the QRadar Suite in 2023, a cloud-native set of shared endpoint security components, including multiple detection and response products, along with log management capabilities, notably security information and event management and security orchestration, automation, and response platforms.
In early 2024, IBM released QRadar SIEM and earlier this month rolled out an on-premises version based on Red Hat OpenShift.
Palo Alto Networks said that organizations wishing to stick with on-premises installations of QRadar will continue to receive feature updates, critical bug fixes, and updates to existing connectors.
IBM's divestiture of its QRadar SaaS business is a stunning about-face.
It follows IBM's ambitious plan to turbocharge its aging legacy QRadar offerings, including its widely deployed SIEM platform, with a cloud-native SaaS suite.
Potential Confusion for Customers
Now customers must determine whether they want to follow the newly announced path, which calls for the migration of the QRadar legacy and SaaS suites to Palo Alto's Cortex XSIAM, or evaluate other options.
According to Omdia research, IBM's QRadar is the third largest next-generation SIEM provider based on revenue, behind Microsoft and Splunk.
Parizo says the move is especially surprising because IBM has invested millions of dollars and put extensive resources over the last three years into transforming QRadar into a cloud-native platform.
IBM acquired QRadar, an on-premises SIEM, from Q1 Labs in 2011.
IBM may have been hinting at its ultimate strategy with last year's launch of the QRadar SaaS suite as a migration plan for its legacy SIEM and other cybersecurity offerings.
At the time of the launch in November, IBM released a cloud-native upgrade of its SIEM, but the company still lacked a fully-fledged XDR offering, Mellen notes.
A Boost for Palo Alto
Analysts believe QRadar will benefit organizations that favor Palo Alto Networks, as it promises to boost its Cortex XSIAM SIEM offering.
Palo Alto Networks' acquisition of IBM's QRadar SaaS will accelerate that, she added.
Palo Alto Networks said existing QRadar SaaS customers will be offered free migration paths to its Cortex XSIAM, which will be provided jointly by IBM and Palo Alto Networks.
Dubious Future for QRadar SaaS
It remains to be seen what technology from QRadar SaaS will work its way into XSIAM and Cortex.
Still, based on the announcement, Mellen believes the acquisition is about gaining the QRadar customer base.
Omdia's Parizo adds that Palo Alto Networks has been making a significant investment in Cortex XSIAM, its new SIEM offering released in early 2022, but doesn't believe it's on par with QRadar.
Bringing watsonx AI to Cortex XSIAM
While Palo Alto Networks' intentions with the QRadar stack may be uncertain, the agreement does call for incorporating IBM's watsonx large language models into Cortex XSIAM, which will provide its new Precision AI tools.
This Cyber News was published on www.darkreading.com. Publication date: Sat, 18 May 2024 08:05:25 +0000