Cybersecurity firm Palo Alto Networks (PAN) has announced its intent to purchase IBM’s QRadar SIEM and software-as-a-service (SaaS) suite of cybersecurity tools. Once the acquisition is finalized, QRadar’s capabilities will be integrated into the Palo Alto Networks’ Cortex XSIAM platform. Terms and price of the acquisition were not disclosed.
PAN Chief Executive Officer Nikesh Arora said in an interview with The Wall Street Journal that acquiring QRadar and partnering with IBM “is designed to help customers replace their entire stack” of disparate cybersecurity tools. Professional services support of IBM’s more-than 1,000 consultants would likely be incentivized in sales opportunities.
Legacy SIEM solutions days are numbered
Three SIEM solutions are off the market in weeks: LogRhythm, Exabeam, QRadar
The announcement by Palo Alto Networks is significant for several reasons.
First, it signifies a growing trend that legacy Security Information and Event Management (SIEM) solutions are ceding to competitors that provide more robust, “next-generation” tools such as SOAR (security orchestration, automation, and response).
Networking giant Cisco completed its acquisition of Splunk in March 2024. Cisco hopes the acquisition will propel its shift into native artificial intelligence solutions embedded within its networking portfolio. Splunk was once regarded as a flagship SIEM solution due to its extensive data collection and analysis capabilities.
Second, with increasing market competition, smaller cybersecurity vendors and firms are naturally ripe for acquisition by more prominent market players. Indeed, SIEM solutions LogRhythm and Exabeam announced a merger the same week as the PAN and QRadar acquisition.
In an interview with CNBC, Arora denied the company was pressured to acquire IBM QRadar following the completed acquisition of Splunk by Cisco.
“We don’t really compete, I think, with most things in Cisco’s portfolio,” Krishna said.
Many experts believe more mergers and acquisitions will occur in 2024.
Market shift: Adopting cybersecurity platforms, not tools
The acquisitions by Palo Alto Networks and the merger between LogRhythm and Exabeam signal a significant change in the cybersecurity industry.
Gone are the days when the enterprise embraced bolting on ” best-of-breed” individual tools for cybersecurity requirements. Shrinking budgets and increased collaboration between enterprise IT, security, and operations teams force C-level executives to justify every dollar spent.
Instead, companies like Palo Alto Networks, Cisco, and even cloud service providers are trying to convince customers to “adopt a platform, not a product.”
This conflicts with years of guidance suggesting that having fewer vendors in a network fabric becomes a “vendor lock-in” scenario and could be a cybersecurity risk.
However, every vendor and tool an enterprise adopts requires costly expertise, training, and separate licensing and support costs, which can quickly consume department budgets.
Adopting a few vendors and thus platforms becomes increasingly convincing financially, with lower support contracts, acquisition, and sustainment costs.
Palo Alto Networks’ share price responded negatively to the news amidst a negative earnings report. Share prices closed down $25 per share, or almost 8%, on the earnings statement press release May 21.
