The Acquisition of IBM's QRadar SaaS Assets by Palo Alto Networks
Palo Alto Networks acquired IBM’s QRadar Software as a Service (SaaS) assets. Announced in 2024 and finalized on August 31, 2024, the acquisition paves the way for more customers to benefit from next-gen SOC Innovation and AI-powered security solutions.
Key Details of the Acquisition
- Completion Date: The acquisition was finalized on August 31, 2024.
- Scope: Palo Alto Networks acquired certain IBM QRadar assets, including intellectual property rights, customer relationships, and software as a service customer contracts.
- Strategic Partnership: Palo Alto Networks and IBM, as a preferred managed security services provider, will help global customers across industries seize the opportunity to seamlessly shift from QRadar to Cortex XSIAM with no-cost migration services through IBM Consulting for eligible customers. IBM has further expanded its internal deployment of Palo Alto Networks security platforms, incorporating Cortex XSIAM and Prisma SASE 3.0.
What Did Palo Alto Networks Acquire?
Palo Alto Networks acquired Security Threat Management (including QRadar) Software as a Service (SaaS) assets, including QRadar intellectual property rights, from IBM on August 31, 2024.
End-of-Life Announcement
Effective April 14, 2025, Palo Alto Networks announced the End of Sale and End of Life for the Threat Management (including QRadar) Software as a Service (“SaaS”) products acquired from International Business Machines Corporation (“IBM”) on August 31, 2024 (“QRadar SaaS Products”).
Please refer to Palo Alto Networks’ End of Sale Announcements and Software End of Life Dates for a full list of all impacted products and End of Life Dates.
This announcement does not affect any IBM QRadar on-premise products or SKUs.
Why The Acquisition of QRadar Matters
For Security Teams:
- For both QRadar SaaS and on-prem clients who decide to migrate to Cortex XSIAM, the companies, along with their ecosystem of business partners, will work closely together to ensure a smooth transfer, with IBM and Palo Alto Networks providing no-cost migration services to qualified customers.
- Harness the power of AI and automation to simplify operations, stop threats at scale, and accelerate incident remediation.
- Centralize all of your security data and use AI models designed specifically for security.
- Automate data integration, analysis, and response actions, enabling analysts to focus on the incidents that matter.
Challenges Security Teams Face Today
Security operations are no longer what they used to be, even just a few years ago. Completing a mission used to take an attacker 40 days, giving defenders more time to discover a threat and remediate it. However, according to recent incident response engagements by Unit 42, since attackers began using AI, successful breaches now take mere hours.
Compounding this fact is the growing complexity of security operations. An average security team must rely on dozens of tools that often don’t integrate. These tools produce thousands of alerts every day. It is no wonder that the average time it takes to respond to an incident is still over six days: instead of enabling humans to move faster, legacy security tools slow them down with noise and complexity.
The Future of Security Operations
To truly turn the tables against attackers, the SOC needs to undergo transformation. All tools must come together to form a unified experience, consolidating all data and alerts into a single source of truth. AI and analytics need to utilize this data in real-time to transform noise into insight and identify attackers hiding behind it. Additionally, automation should be implemented at every step, enabling humans to operate at machine speed and respond in minutes rather than hours or days.
Palo Alto Networks Cortex XSIAM transforms security operations, delivering the industry's highest protection rate and leading SOC capabilities in a unified, AI-driven platform. With Cortex, customers get:
- Industry-leading EDR, SIEM, SOAR, and ASM capabilities delivered through one integrated user experience.
- A single source of data stitched and normalized to deliver one source of truth to a security team.
- A single AI and Analytics engine powered by Precision AI with thousands of pre-built analytics modules to process security data and stop threats in real-time.
- Native automation from industry-leading SOAR to achieve up to a 98%* reduction in MTTR with 75% less manual work.**
*Oil and Gas company case study
**Boyne Resorts case study
Explore how customers upgrade their SOCs with Cortex.
Address Modern Threats with a Modern SOC
Until now, SIEM technology hasn’t been able to tap fully into the potential of automation, machine learning, and the vast quantities of security data available within an organization. As a result, SOC teams are bogged down managing tools and alerts, instead of focusing on what matters most: detection and response, and proactive threat hunting.
Cortex XSIAM changes that equation. It is built for SecOps teams by SecOps teams and regularly updated with the learnings from hundreds of dedicated Cortex® threat researchers and hundreds of IR investigators from Unit 42®, based on what they see as the latest tactics, techniques, and procedures threat actors are utilizing.
We build all of this back into XSIAM to unlock the full potential of your security operations. The automation-first, AI-powered platform transforms cybersecurity from a reactive defense mechanism into a proactive, value-adding component of your business mission.
Image: The XSIAM Command Center, showcasing a spectrum of data sources, ranging from endpoint and network to identity, cloud, application telemetry, and more, all while providing insights into the health and volume of data ingestion.
Centralized Platform
Cortex consolidates security tools and telemetry across cloud environments, networks, and devices to deliver unified visibility and control. A universal search bar enables SOC analysts to explore the breadth and depth of an environment from a single window, providing them with unprecedented access to investigative information.
With the centralized platform, security teams can gain a comprehensive view without juggling multiple tools, dashboards, or consoles—an incremental improvement in itself that adds up quickly when it comes to incident response.
Automation and Orchestration
Even in a 24/7 SOC, a human can’t watch the door at all times. With Cortex XSIAM, embedded automation and alert-specific playbooks allow the system to take immediate steps to address risks (such as quarantining an endpoint), even before an analyst gets involved. This proactive response capability keeps threats in check, freeing analysts to focus on more strategic tasks.
AI-Powered Analytics
Machine learning is a core component of Cortex, with AI-driven models to connect events across all data sources. Gone are the days of manually maintaining a threat scorecard; instead, the platform automatically groups alerts and scores incidents based on relevance and risk.
So, SOC teams can cut through the noise of constant alerts and zero in on the incidents that matter, responding faster. Even better, XSIAM learns from every action SOC analysts take to refine its process and recommend new automations. This continuous improvement in efficiency and accuracy over time makes XSIAM smarter with every incident.
Automated Reporting
For organizations with a heavy focus on regulatory compliance and performance tracking, Cortex XSIAM can provide real-time automated reporting to combat compliance drift. The platform's automations support compliance with standards such as HIPAA, NIST 800-53, NIST 800-171, NIST CSF, PCI DSS, and SOX (to name a few).
By the same token, adhering to internal standards involves configuring automation playbooks to meet your organization’s specific needs. As a result, your SOC can protect your organization and maintain compliance with industry regulations, instead of balancing those priorities against one another.
The XSIAM Difference vs Traditional SIEMs
Transform Legacy SIEM
Seamless Migration
The Palo Alto Networks team is here to support you. We have prepared a special offer that will make the upgrade to our industry-leading Cortex solutions seamless and financially attractive.
Enhanced Capabilities
With XSIAM, organizations can automate data integration, analysis, and response actions, enabling analysts to focus on the incidents that matter.
Reduce risk and operational complexity by centralizing multiple products into a single, converged platform purpose-built for security operations.
Watch the demo video of Cortex XSIAM in action (5 minutes).
Cortex XSIAM combines these key SOC product capabilities into a single unified platform:
- Security Information and Event Management (SIEM): Includes all common SIEM functions, including log management, correlation and alerting, and compliance reporting.
- Extended Detection and Response (XDR): Integrates endpoint, cloud, network, and third-party telemetry for automated detection and response.
- Security Orchestration, Automation, and Response (SOAR): Includes a robust SOAR module and marketplace to create and orchestrate playbooks for use with XSIAM.
- Management, Reporting, and Compliance: Centralized management functions simplify operations. Powerful graphical reporting capabilities support reporting for compliance, data ingestion, incident trends, SOC performance metrics, and more.
- Endpoint Detection and Response (EDR)
- Cortex Exposure Management*: Cuts vulnerability noise by up to 99% with AI-driven prioritization and automated remediation spanning the entire enterprise.
- Cortex Advanced Email Security*: Stop sophisticated email-based attacks missed by other solutions with advanced AI and automation.
- User and Entity Behavior Analytics (UEBA): Uses machine learning and behavioral analysis to profile users and entities and alert on behaviors that may indicate a compromised account or malicious insider.
- Identity Threat Detection and Response (ITDR)*
- Attack Surface Management (ASM)*
- Threat Intelligence Platform (TIP)*: Provides full TIP capabilities to manage Palo Alto Networks and third-party feeds, and to automatically map them to alerts and incidents.
*Available through additional licensing and modules.
Explore More: Related News and Resources
- Official Press Release – Acquisition Closing Announcement
- SecOps takes a giant leap forward
- Investor Overview: Palo Alto Networks & IBM AI-Powered Security
- All Palo Alto Networks End-of-Life Announcements
Looking Ahead
This acquisition paves the way for more customers to benefit from next-gen SOC Innovation and AI-powered security solutions. For businesses navigating the transition, staying informed and prepared will be key to unlocking the full value of Palo Alto Networks' enhanced offerings.
Do you have questions about migrating from QRadar to Cortex XSIAM? Palo Alto Networks sales representatives or authorized reseller partners are available to discuss further and help with migration options.