IBM Sheds QRadar in an Active Cybersecurity M&A Season

by Amy Larsen DeCarlo, posted in IT Leader, Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• IBM is selling its QRadar security assets, including its security information and event management (SIEM) to partner Palo Alto Networks for an undisclosed sum.

• IBM will train 1,000 staffers on the technology and its consulting unit will continue to support the technology.

Cybersecurity is a priority but also a challenge for enterprises navigating tight budgets, skill set limitations, and too many discrete solutions to manage. Cybersecurity vendors are dealing with some pushback from customers who want to streamline security management and work with fewer disparate tools. Vendors often excel in one area of security but lack key adjacent capabilities. Innovation requires significant investment.

Mergers and acquisitions can be one of the fastest and, depending on how the integration is managed, more efficient ways to close these gaps. May has been an active month for deals involving one of the foundational cybersecurity technologies – SIEM. SIEM solutions provide SOC analysts with data on anomalous behavior and threats essential to isolating malicious activity and identifying breaches. IBM is selling its QRadar security assets, including its SIEM, to long-time partner Palo Alto Networks.

While IBM has an extensive portfolio of security technologies, there have been complaints that it needs to be faster to innovate and its real strength is in consultative services. Picking up the IBM SIEM technology fills an important hole in Palo Alto Networks’ already broad set of cloud-based security solutions. The companies are positioning the move as benefiting customers who want to pick up a full stack of integrated security technology from a single vendor. IBM will train 1,000 employees on the QRadar technology, and provide consulting services for it, effectively acting as a QRadar reseller. IBM is working with other third-party channel partners to integrate them into the Palo Alto partner network.

Exabeam, arguably best known for its user behavioral analytics, and SIEM vendor LogRhythm are merging to create a more cohesive and complete security solution set. LogRhythm, which stumbled getting out of the gate with cloud-based security solutions, may benefit from Exabeam’s experience in delivering security-as-a-service solutions. That said, it is hard to predict how integration efforts will go and whether this tie-up helps or hurts prospects with new clients and relations with existing ones.

Leave a Reply