IBM's sudden exit from cybersecurity software this week has not only reshaped the competitive landscape, but also the procurement plans and vendor relationships for many CISOs rebuilding their SOCs.
IBM has agreed to sell its QRadar SaaS portfolio to Palo Alto Networks; the amount was not disclosed. After years of development, IBM began rolling out its QRadar Suite in 2023. It is a set of cloud-native, shared endpoint security components that includes multiple detection and response products (EDR, XDR, MDR) and log management capabilities, notably security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.
In early 2024, IBM released QRadar SIEM, followed earlier this month by an on-premises version based on Red Hat OpenShift. The plan included subsequent phased releases of generative AI capabilities with large language models based on the new watsonx AI platform.
The deal, which is expected to close by the end of September, builds on the companies' partnership, which was previously extended to the end of 2023. The agreement also calls for IBM Consulting to become the “preferred managed security services provider (MSSP)” to Palo Alto Networks' existing and future customers, and for both vendors to share a joint security operations center (SOC).
Palo Alto Networks said organizations that wish to continue with on-premises installations of QRadar will continue to receive feature updates, critical bug fixes, and updates to existing connectors. It is currently unclear how long that support will be available.
Nevertheless, IBM's sale of its QRadar SaaS business is a surprising turnaround given IBM's ambitious plans to significantly enhance its aging legacy QRadar products, including its widely deployed SIEM platform, with a cloud-native SaaS suite.
Potential customer confusion
Going forward, customers must decide whether to follow the newly announced path, which requires migrating their QRadar legacy and SaaS suites to Palo Alto's Cortex XSIAM, or to evaluate other options.
According to Omdia research, IBM's QRadar is the third largest next-generation SIEM provider by revenue after Microsoft and Splunk (now part of Cisco). “This is one of the most surprising developments I've seen in enterprise cybersecurity in a long time,” said Eric Parizo, managing principal analyst at Omdia.
The move is especially surprising because IBM has invested millions of dollars and committed extensive resources to convert QRadar into a cloud-native platform over the past three years, Parizo said. IBM acquired QRadar, an on-premises SIEM, from Q1 Labs in 2011.
“The fact that IBM then reversed course and sold QRadar to Palo Alto Networks with little warning to customers is shocking and frankly inconsistent with the customer-centric ethos that IBM is known for,” he says. “I think a lot of QRadar customers are confused and frustrated. I'm looking for answers.”
CISOs face these decisions at a pivotal time. Leading vendors and analysts are suggesting that SIEM, SOAR, and XDR will be integrated into a unified SOC operations platform. This integration is led by cloud giants AWS, Microsoft, and Google, as well as major platform providers such as CrowdStrike, Cisco, and Palo Alto Networks.
Exabeam and LogRhythm gave credence to the predicted integration when they revealed a merger plan hours before the IBM and Palo Alto Networks news became public. The combined company will integrate LogRhythm's traditional and new cloud-native SIEM technology with Exabeam's user and entity behavior analytics (UEBA) platform.
“As an integrated organization, we are pushing the boundaries of security operations innovation with solutions that integrate AI, automation, SIEM, security analytics, and UEBA to deliver a holistic approach to combating cyber threats,” said Adam Geller, CEO of Exabeam, in a statement.
“All traditional SIEM players face increased competition from technology giants (aka hyperscalers) and XDR vendors who are aggressively positioning themselves as SIEM alternatives,” notes Allie Mellen, principal analyst at Forrester.
IBM may have been hinting at its ultimate strategy with last year's launch of the QRadar SaaS suite as a migration plan for legacy SIEM and other cybersecurity products. Mellen points out that while IBM released a cloud-native upgrade of its SIEM during the November announcement, the company still lacked a full-fledged XDR product. “Most of what they offer is very, very EDR focused,” she says.
Support Palo Alto
Analysts believe QRadar will benefit organizations that support Palo Alto Networks as it promises to enhance the Cortex XSIAM SIEM product. Mellen points out that Palo Alto Networks' XSIAM is of interest to customers because of its automation and MDR capabilities, as well as its bundling with Cortex XDR products.
“But we have a long way to go to reach the customer scale that traditional SIEM vendors and some of the larger enterprises have,” Mellen says. Palo Alto Networks' acquisition of IBM's QRadar SaaS will accelerate that, she added.
Palo Alto Networks said existing QRadar SaaS customers will be offered a free migration path to its Cortex XSIAM, jointly offered by IBM and Palo Alto Networks. IBM said that while no employees have been migrated to Palo Alto Networks, it will deploy more than 1,000 security consultants to provide migration and deployment services.
In particular, Mellen emphasized that the free migration option will also be extended to “eligible” QRadar on-premises customers. She advises customers to determine whether they qualify for these free migrations as soon as possible.
The questionable future of QRadar SaaS
It remains to be seen which technologies from QRadar SaaS will be introduced into XSIAM and Cortex. Still, based on the announcement, Mellen believes the acquisition is meant to capture the QRadar customer base.
“PANW clearly has no long-term plans for a QRadar SaaS product,” Mellen points out. “Once their contractual obligations expire, existing QRadar SaaS customers will need to adopt XSIAM or move to another vendor.”
Omdia's Parizo added that Palo Alto Networks is making significant investments in its new SIEM product, Cortex XSIAM, released in early 2022, but he does not believe it is equivalent to QRadar. “Although this solution has evolved rapidly over the past two years, it is still relatively new and in terms of certain features it is less mature and less robust than IBM QRadar,” Parizo said.
“For me, it's unrealistic to expect QRadar customers to migrate to XSIAM at some point in the next 12 to 24 months and receive a comparable feature set,” especially for threat detection, investigation, and response, he added. “Ultimately, Palo Alto Networks will continue to support QRadar customers with existing solutions for the long term and will transition QRadar customers to XSIAM to overcome the challenges associated with the current uncertain times. I think we need to significantly encourage that.”
Bringing watsonx AI to Cortex XSIAM
Palo Alto Networks' intentions for the QRadar stack may be uncertain, but the deal calls for incorporating IBM's watsonx large language models into Cortex XSIAM, providing new Precision AI tools.
“IBM has very good AI, but they don't have a lot of market share,” said Avivah Litan, a prominent analyst at Gartner. “Maybe this will help them.”