IBM Sells Cybersecurity Group

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum.

I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part of IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar.

That was what seemed to be the problem at IBM. QRadar was IBM’s first acquisition in the cybersecurity space, and it saw everything through the lens of that SIEM system. I left the company two years after the acquisition, and near as I could tell, it never managed to figure the space out.

So now it’s Palo Alto’s turn.

Posted on May 20, 2024 at 7:04 AM

10 Comments

Comments

Daniel Popescu May 20, 2024 7:25 AM

Maybe the “buy low, sell high” expression doesn’t always apply in the cybersecurity world. Or whatever entity did those risk analyses was completely off track. Or both :).

Sean May 20, 2024 7:36 AM

Well the group is very likely going to do a lot better out from under the massive slowocracy of Big Blue, and they likely will also be a lot more likely to actually be able to respond in real time to threats, instead of only being able to do an autopsy of the remains months later on, with all evidence being massively compromised already and destroyed.

Doug May 20, 2024 8:07 AM

That is IBM’s SOP; buy product you don’t understand, run it badly, sell it. I saw this happen with their acquisition of Lotus Notes. Great product, could have been a massive hit, totally f’d it up.

Will Quantum be next? May 20, 2024 9:17 AM

@Doug
@ALL

“That is IBM’s SOP; buy product you don’t understand, run it badly, sell it.”

It’s not just what they buy in but also what they develop internally.

The only reason we have “IBM PC’s” is the development team clearly saw the difference between the “Big-Iron” time-share market and the then developing “Personal Computer” individual user market, and avoided management who would have crushed it in an instant.

In essence the small team took the AppleII conceptual design and pillaged it. Effectively all they did from the user perspective was replacing the 6502 8bit computer with a really really bad mung-up of an 8bit 8080 into a larger memory model pretend 16bit computer of the 8088. In theory allowing the CP/M business software to be easily re assembled and reused.

Well we saw where that went… So what is the IBM future?

Well one thing we know is they’ve thrown a lot of money into Quantum computing, but where are the returns?

What is IBM’s latest comment?

“As of 15 May 2024, in line with our focus on utility-scale quantum computing and tooling, we have retired the cloud simulators and IBM Quantum Lab.”

Hmm… expect IBM’s Quantum Computing to get not just further downsized but probably sold off at scrap-dealer pricing.

Matt May 20, 2024 9:33 AM

10 years ago my company fully bought into the QRadar world, data node, network taps, processor, etc. Never could really get the whole thing 100% running. The tuning rules seemed too rigid and the UBA at the time was not great, compared to Microsoft O365 Azure; X-Force was ok, but not as good as other open source intel; and Watson did not provide much actionable intelligence. No more so than open source such as Virus Total.

When Resilient came along we did a POC and it always seemed half baked, in terms of integrating with QRadar. The products never came together.

QRadar is ok as a SIEM, but I would not invest the infrastructure today when there are better options.

Dmitry May 20, 2024 9:51 AM

BTW, Inrupt, Inc is hacked too. You can’t even detect them.

Winter, shut the f. up if you don’t know what APT 28/29 is capable of…

noname May 20, 2024 11:06 AM

How new is Palo Alto to the SIEM space?

They’re not listed in Gartner’s 2024 Magic Quadrant for SIEM.

And I’m not seeing that they have any market share in SIEM technologies. It’s Splunk (56%), Azure Sentinel (13%), IBM QRadar (9%), and so on.

What will the customers do?

From OP article:

Palo Alto Networks has been making a significant investment in Cortex XSIAM, its new SIEM offering released in early 2022, but doesn’t believe it’s on par with QRadar, Omdia’s Parizo adds.

Doug May 20, 2024 9:01 PM

Actually, IBM had previously purchased Guardium, Tivoli, Watchfire, Ounce, and ISS.

David in Toronto May 22, 2024 12:47 PM

IBM had a number of interesting security products developed out of their Security labs in the 90’s and 00’s. Several of them had great potential but Big Blue really didn’t understand them and parked some of them under the Tivoli brand where they sadly went nowhere.
