Tuesday, June 25, 2024

CISOs Grapple With IBM’s Surprising Cybersecurity Software Exit

IBM’s surprise departure from cybersecurity software this week didn’t just rearrange the competitive landscape; it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs.

IBM has agreed to sell the QRadar SaaS portfolio to Palo Alto Networks for an undisclosed sum. After years of development, IBM began rolling out the QRadar Suite in 2023, a cloud-native set of shared endpoint security components, including several detection and response products (EDR, XDR, and MDR), along with log management capabilities, notably security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.

In early 2024, IBM launched QRadar SIEM and earlier this month rolled out an on-premises version based on Red Hat OpenShift. The plan included subsequent incremental releases of generative AI with learning language models based on its new watsonx AI platform.

The deal, which builds on a partnership between the two companies that was previously expanded in late 2023, is expected to close by the end of September. The pact also calls for IBM Consulting to become a “preferred managed security services provider (MSSP)” for existing and future Palo Alto Networks customers, with the two vendors sharing a joint security operations center (SOC).

Palo Alto Networks said that organizations wishing to remain with on-premises installations of QRadar will continue to receive feature updates, critical bug fixes, and updates to existing connectors. It was not immediately clear how long that will be offered.

Nonetheless, IBM’s divestiture of its QRadar SaaS business is a surprising about-face. It follows IBM’s ambitious plan to turbocharge its aging legacy QRadar offerings, including its widely deployed SIEM platform, with a cloud-native SaaS suite.

Potential Confusion for Customers

Now customers must determine if they want to follow the newly announced chosen path, which requires the migration of the QRadar legacy and SaaS suites to Palo Alto’s Cortex XSIAM, or evaluate other options.

According to Omdia research, IBM’s QRadar is the third largest next-generation SIEM provider based on revenue, behind Microsoft and Splunk (now part of Cisco). “It’s one of the most surprising moves I’ve seen in the enterprise cybersecurity space in many years,” says Omdia managing principal analyst Eric Parizo.

Parizo says the move is especially surprising because IBM has invested tens of millions of dollars and put extensive resources in the last three years into transforming QRadar into a cloud-native platform. IBM acquired QRadar, an on-premises SIEM, from Q1 Labs in 2011.

“For IBM to then turn around and sell QRadar to Palo Alto Networks, seemingly with little to no warning for customers, is stunning, and admittedly not consistent with the customer-centric ethos IBM is known for,” Parizo says. “I’d imagine there are many confused and frustrated QRadar customers in search of answers.”

CISOs face these decisions at a pivotal time. Major vendors and analysts have signaled SIEM, SOAR, and XDR coalescing into a unified SOC operations platform, led by cloud giants AWS, Microsoft, and Google, and large platform providers including CrowdStrike, Cisco, and Palo Alto Networks.

Lending credence to that predicted consolidation, Exabeam and LogRhythm revealed their merger plans just hours before the IBM-Palo Alto Networks news became public. The combined company plans to integrate LogRhythm’s legacy and new cloud-native SIEM technology with Exabeam’s user and entity behavior analytics (UEBA) platform.

“As a combined organization, we will continue to push the envelope of security operations innovation with solutions that bring AI, automation, SIEM, security analytics, and UEBA together to deliver a holistic approach to combating cyber threats,” Exabeam CEO Adam Geller said in a statement.

“All legacy SIEM players are facing rising competition from tech titans (aka hyperscalers) as well as XDR vendors that are aggressively positioning as SIEM alternatives,” notes Forrester principal analyst Allie Mellen.

IBM may have been hinting at its ultimate strategy with last year’s launch of the QRadar SaaS suite as a migration plan for its legacy SIEM and other cybersecurity offerings. At the time of the launch in November, IBM released a cloud-native upgrade of its SIEM, but the company still lacked a fully-fledged XDR offering, Mellen notes. “Most of what they’re providing is very, very EDR-focused,” she says.

A Boost for Palo Alto

Analysts believe QRadar will benefit organizations that favor Palo Alto Networks, as it promises to boost its Cortex XSIAM SIEM offering. Mellen points out that Palo Alto Networks XSIAM has attracted customer interest because of its automation and MDR capabilities, plus it’s bundled with its Cortex XDR offering.

“Nonetheless, getting to the scale of customers that legacy SIEM vendors and some of the bigger players have is a long road,” Mellen says. Palo Alto Networks’ acquisition of IBM’s QRadar SaaS will accelerate that, she added.

Palo Alto Networks said existing QRadar SaaS customers will be offered free migration paths to its Cortex XSIAM, which will be provided jointly by IBM and Palo Alto Networks. IBM, whose employees are not transitioning to Palo Alto Networks, said it will deploy over 1,000 security consultants to provide migration and deployment services.

Notably, Mellen emphasizes that the free migration option will also be extended to “qualified” QRadar on-premises customers. She advises customers to determine if they are qualified for these free migrations as soon as possible.

Doubtful Future for QRadar SaaS

It remains to be seen what technology from QRadar SaaS will work its way into XSIAM and Cortex. Nonetheless, based on the announcement, Mellen believes the acquisition is about gaining the QRadar customer base.

“PANW clearly doesn’t have long-term plans for the QRadar SaaS offering,” Mellen notes. “As soon as contractual obligations run out, existing QRadar SaaS customers must embrace XSIAM or migrate to a different vendor.”

Omdia’s Parizo adds that Palo Alto Networks has been making a significant investment in Cortex XSIAM, its new SIEM offering launched in early 2022, but doesn’t believe it’s on par with QRadar. “While the solution has developed quickly in the past two years, it’s still relatively young and broadly less mature and less robust in terms of specific capabilities than IBM QRadar,” Parizo says.

“To me, it isn’t feasible to expect QRadar customers to migrate to XSIAM at any point in the next 12-24 months and achieve an equivalent set of capabilities,” particularly for threat detection, investigation, and response, he adds. “Ultimately, I believe Palo Alto Networks must support QRadar customers on the existing solution for an extended period of time and significantly incentivize QRadar customers to migrate to XSIAM to overcome the challenges that will come with this current period of uncertainty.”

Bringing watsonx AI to Cortex XSIAM

While Palo Alto Networks’ intentions with the QRadar stack may be uncertain, the agreement does call for incorporating IBM’s watsonx large language models into Cortex XSIAM, which will provide its new Precision AI tools.

“IBM has excellent AI; they just don’t have much market share,” says Gartner distinguished analyst Avivah Litan. “Maybe this will help them.”


