Security Information & Event Management (SIEM) , Security Operations , Security Operations Center (SOC)

Nikesh Arora on Why Palo Alto Networks Is Buying IBM QRadar

QRadar SaaS SIEM Customers Will Be Migrated to XSIAM as Part of $500M Transaction
Nikesh Arora on Why Palo Alto Networks Is Buying IBM QRadar
Nikesh Arora, chairman and CEO, Palo Alto Networks (Image: Palo Alto Networks)

Palo Alto Networks will spent at least $500 million buying IBM's QRadar software-as-a-service assets to capture security operations opportunities from large enterprises faster.

See Also: Splunk Named a 10-Time Leader in Gartner® Magic Quadrant™ for SIEM

The Silicon Valley-based platform security titan said teaming up with IBM will allow for the immediate transition of QRadar customers to XSIAM without waiting for contract expirations or RFPs. The company will pay $500 million for IBM's QRadar SaaS assets, intellectual property and on-premises customer list and is on the hook for additional payments for each on-premises QRadar client that migrates to XSIAM (see: Palo Alto to Acquire IBM QRadar SIEM Business).

"I think it's an amazing deal for us. I'm just delighted that IBM agreed to do this deal with us and partner with us," Palo Alto Networks CEO Nikesh Arora told investors in an earnings call Monday. "This allows us to participate with one of the biggest players in the space and migrate as many of these customers based on merit and based on our great proposition as quickly as we can."

IBM's QRadar SaaS business generated approximately $100 million of revenue in 2023, but Palo Alto Networks expects recognized revenue to be lower in the current fiscal year due to deferred revenue and contract details. Palo Alto Networks' XSIAM offering has surpassed $400 million in cumulative bookings in the 18 months since its release, and Arora said there's a strong sales pipeline for the product.

"We will invest to fuel this partnership and ensure a seamless experience for QRadar customers purchasing and migrating to XSIAM," Arora said. "The good news is: We can transition these customers irrespective of term when they expire. That's great option value."

Pursuing the Ultimate Prize: On-Premises SIEM Customers

Arora said the "much larger prize" is QRadar's on-premises customer base, and IBM has incentive to encourage those customers to migrate to Palo Alto Networks' cloud-based offering since the payout to Big Blue will grow with each organization that transitions. More than 1,000 IBM security consultants will be trained on Palo Alto Networks' entire product portfolio to accelerate the transition process, he said.

"I think it's an amazing deal for us."
– Nikesh Arora, chairman and CEO, Palo Alto Networks

As part of the partnership, Chief Financial Officer Dipak Golechha said, IBM will operate parts of the security operations business on Palo Alto Networks' behalf on a medium-term basis. Palo Alto Networks will also become IBM's preferred cybersecurity provider across network, cloud and the security operations center, Arora said. The deal is pending regulatory approval and is set to close by September.

"In the history of IBM, they have not sold anybody else's cybersecurity portfolio with the enthusiasm we hope we can generate together," Arora said. "Until now, they would sell one portfolio - that was IBM. And today, this deal allows us to train all 1,000 of them, work with them on XSIAM and get it out to customers."

Arora said the partnership will leverage IBM's extensive salesforce and industry presence to accelerate Palo Alto Networks' market position in security operations. IBM earlier this month was recognized by Gartner as one of five leaders in SIEM alongside Splunk, Microsoft, Securonix and Exabeam and was praised by the analyst firm for its tight integrations and its ability to enrich assets with exposure data.

"This hopefully cements our place in the SIEM/SOC category at a pace that nobody would have anticipated," Arora said. "The security operations space is getting rejuvenated, which is something we've been preparing for with XSIAM."

IBM has 11.7% share in the security information and event management market after increasing sales to $607.1 million in 2022, up 12.7% from $538.9 million the year prior, IDC found. Despite that, Microsoft passed IBM in 2022 to become the second-largest SIEM vendor, and Big Blue's share and growth rate lag market leader Splunk. Palo Alto Networks wasn't among the 10 largest SIEM vendors in 2022, IDC found.

Product Growth Slows, Stock Tumbles

Palo Alto Networks Quarter Ended April 30, 2024 Quarter Ended April 30, 2023 Change
Total Revenue $1.98B $1.72B 15.3%
Subscription and Support Revenue $1.59B $1.33B 19.6%
Product Revenue $391M $388M 0.7%
Net Income $278.8M $107.8M 158.6%
Diluted Earnings Per Share $0.79 $0.31 154.8%
Non-GAAP Net Income $454.9M $359.4M 26.6%
Non-GAAP Diluted Earnings Per Share $1.32 $1.10 20%
Source: Palo Alto Networks

Palo Alto Networks' revenue of $1.98 billion in the quarter ended April 30 edged out Seeking Alpha's sales estimate of $1.97 billion. And the company's non-GAAP earnings of $1.32 per share beat Seeking Alpha's non-GAAP estimate of $1.25 per share.

The company's stock is down $28.16 - 8.7% - to $295.61 per share in after-hours trading Monday. That's the lowest Palo Alto Networks' stock has traded since May 2. Palo Alto Networks grew revenue by 15% in the Americas; 20% in Europe, the Middle East and Africa, or EMEA; and 8% in Asia-Pacific, or APAC; said Golechha.

For the quarter ending July 31, Palo Alto Network expects diluted non-GAAP net income of $1.40 to $1.42 per share on revenue of between $2.15 billion and $2.17 billion. Analysts had been expecting non-GAAP earnings of $1.42 per share on sales of $2.17 billion, according to Seeking Alpha.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.