Palo Alto Networks Buying IBM QRadar Assets

Palo Alto Networks will be IBM's preferred cybersecurity partner.

Edward Gately, Senior News Editor

May 16, 2024

6 Min Read
Palo Alto Networks

Palo Alto Networks is acquiring IBM's QRadar SaaS assets, including QRadar intellectual property rights, as part of a new partnership between the companies to deliver AI-powered security offerings.

Eric Parizo, managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa), said this deal is a "real bombshell in every sense."

"No doubt one of the most surprising moves I've seen in the enterprise cybersecurity space in many years," he said. "While I expect more detail about the overall partnership to emerge soon, the overall rationale seems to be that IBM CEO Arvind Krishna ultimately decided that the revenue from a long-term partnership providing security services for Palo Alto Networks was more lucrative than competing in an next-generation security information and event management (SIEM) market where Microsoft's rapid rise is quickly altering the landscape. For proof, look no further than Splunk's recent decision to sell it itself to Cisco, and the newly announced merger of struggling mid-tier competitors Exabeam and LogRhythm."

Palo Alto Networks and IBM aim to help streamline and transform security operations, stop threats at scale and accelerate incident remediation for their customers with a complete AI-powered approach.

Upon completing the QRadar acquisition, Palo Alto Networks and IBM will facilitate the migration of QRadar SaaS clients to Cortex XSIAM, a next-generation security operations center (SOC) platform with advanced AI-powered threat protection supported by 3,000 out-of-the-box detectors.

On-premises QRadar clients who wish to remain on-premises will continue to receive IBM features and support including security, usability and critical bug fixes, as well as updates to existing connectors and the ability to expand consumption.

For both QRadar SaaS and on-premises clients who choose to migrate to Cortex XSIAM, the companies, along with their ecosystem of business partners, will collaborate to enable a smooth transfer, with IBM and Palo Alto Networks offering no-cost migration services to qualified customers. As part of this agreement, IBM will receive incremental payments from Palo Alto Networks for QRadar on-premises clients who choose to migrate to the Cortex XSIAM platform.

Palo Alto Networks, IBM Partnership Details

Other highlights of the expanded partnership include:

  • IBM will platformize internal security solutions with Palo Alto Networks. Palo Alto Networks will be its preferred cybersecurity partner across network, cloud and SOC.

  • Palo Alto Networks will incorporate watsonx large language models (LLMs) in Cortex XSIAM to deliver additional Precision AI solutions.

  • IBM will bolster its security services to drive a book of business in cybersecurity and AI security, featuring Palo Alto Networks platforms in its expanded portfolio.

  • IBM will train more than 1,000 of its security consultants on migration, adoption and deployment of Palo Alto Networks products.

  • IBM will accelerate innovation and investment in data security, and identity and access management (IAM) for hybrid cloud and AI, and will partner with Palo Alto Networks on security operations, threat management, and DevSecOps.

IBM Consulting will be a preferred MSSP for current and future Palo Alto Networks customers. In addition, a joint SOC will feature a managed SOC, and the companies will also establish a joint cyber range that will offer immersive experiences for customers to further understand the value of Palo Alto Networks security products. IBM's experts with global, regional and local delivery capabilities will use watsonx, IT automation and threat intelligence to enhance advisory efforts and drive growth and adoption of Palo Alto Networks security platforms.

As IBM's cybersecurity partner of choice, Palo Alto Networks' cybersecurity solutions will be accessible in IBM's Consulting Advantage AI services platform, including the building of assets and repeatable methods to support scale. IBM will also build industry-vertical capabilities on top of Cortex XSIAM, leveraging watsonx.

Capitalizing on AI Transformation

"The security industry is at an inflection point where AI will transform businesses and deliver outcomes not seen before,” said Nikesh Arora, Palo Alto Networks’ chairman and CEO. “It's a moment to accelerate growth and innovation. Together with IBM, we will capitalize on this trend, combining our leading security solutions with IBM's pioneering watsonx AI platform and premier services to drive the future of security platformization with complete, AI-powered, secure-by-design offerings."


The transaction portion of this announcement is expected to close by the end of September, and is subject to regulatory approvals and other customary closing conditions. Financial terms of the transaction have not been disclosed.


"Strategic partnerships like the one we're announcing today with Palo Alto Networks bring with them significant benefits across the industry,” IBM's Krishna said. “Advanced threat protection and automation, underpinned by Cortex XSIAM and watsonx, and coupled with IBM Consulting, will speed client and partner adoption of next-generation security operations. We'll deliver these capabilities with Palo Alto Networks, and accelerate our security investments and innovation in areas like data security and IAM. These are critical offerings that our clients need when protecting their data, hybrid cloud environments, AI models and applications. We are delighted to be partnering with the Palo Alto Networks team and we are excited about the future of AI-powered cybersecurity innovation."

'Shocking' Move on IBM's Part

IBM has spent the last three years investing many millions of dollars and countless man-hours, essentially rebuilding QRadar from the ground up as a cloud-based platform based on OpenShift, Parizo said.

"For IBM to then turn around and sell QRadar to Palo Alto Networks, seemingly with little to no warning for customers, is shocking, and frankly not in line with the customer-centric ethos IBM is known for," he said. "I would imagine there are many confused and frustrated QRadar customers looking for answers."

For Palo Alto Networks, this is a "bold and brilliant" move that not only gives the security platform vendor a huge market share jump, but also a massive mindshare increase, Parizo said.

"This shines a bright spotlight on its nascent XSIAM next-gen SIEM solution, especially if that solution is the migration destination for current QRadar customers, which appears to be the case," he said.

However, while Cortex XSIAM has evolved quickly in the past two years, it is still relatively young, and less mature and less robust in terms of specific capabilities than IBM QRadar, Parizo said. Existing XSIAM customers are primarily understood to be using it to ingest threat detection, investigation and response (TDIR) data from other Palo Alto Networks products, and initial reports are positive on that, but seeing it as equivalent to QRadar "just isn’t accurate yet."

"From the AI perspective, since the landscape there is still forming, it’s too early to say what the long-term implications are," he said. "But part of IBM’s intent in retrenching in enterprise cybersecurity is to increase its focus on all aspects of AI and security. There’s no question this deal, in part, accelerates IBM’s intentions around security and AI."

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like