Palo Alto Networks on track to join ‘Top Three Players In SIEM’: CEO
The rapid growth of XSIAM and acquisition of IBM’s QRadar SaaS assets should help propel the cybersecurity giant to become a SIEM heavyweight in coming years, according to Palo Alto Networks CEO Nikesh Arora.
The pivotal cybersecurity market segment of SIEM is heading into a period of “upheaval” that will see a reordering of the leaders in coming years, with Palo Alto Networks positioned to ascend into the top ranks, CEO Nikesh Arora said Wednesday.
While many security teams continue to rely on SIEM (security information and event management) tools for effectively responding to cyberthreats, “90 percent of the SIEMs are of technology that is 10 to 15 years old,” Arora said during Palo Alto Networks’ quarterly call with analysts.
Though still dominated by longtime players such as Splunk, which was acquired by Cisco in March for US$28 billion, the SIEM market may look very different several years from now, according to Arora.
“I think there’s a new breed of SIEM players that is fast coming in to replace these legacy SIEMs,” he said. “I think we’re going to go through a SIEM replacement cycle that we went through [with] the endpoint replacement cycle from Symantec and McAfee to the XDR vendors.”
Arora made the comments as Palo Alto Networks disclosed the first quarter of financial results that includes the impacts of owning IBM’s QRadar SaaS assets, which the cybersecurity giant acquired through a US$500 million deal that closed in September.
For the first quarter of the company’s fiscal 2025, ended Oct. 31, revenue for Palo Alto Networks reached US$2.14 billion, up 14 percent from the same period a year earlier. That was above the US$2.12 billion in quarterly revenue that Wall Street analysts had been expecting.
‘Fastest-Growing Product’
So far, Palo Alto Networks has seen a total of more than US$80 million in bookings from QRadar customers migrating onto the company’s Cortex XSIAM (extended security intelligence and automation management) platform.
Facilitating this migration from QRadar onto XSIAM — which aims to offer an AI-powered alternative to traditional SIEM — had been the stated goal of the acquisition for Palo Alto Networks since the deal was first announced in May.
Even prior to acquiring the QRadar SaaS business, Palo Alto Networks was already “enthused” about the growth pace of XSIAM, which has been generally available for just over two years, Arora noted. XSIAM was a major contributor to the vendor’s Cortex business surpassing US$1 billion in annual recurring revenue during the recent quarter and is in fact “the fastest-growing product in the history of cybersecurity at scale,” he said.
The QRadar SaaS acquisition — which is also aimed at luring on-premises IBM QRadar customers to XSIAM — will only accelerate Palo Alto Networks’ upward trajectory in the SIEM market and its displacement of existing leaders, Arora said.
“We believe that this deal will help us to become one of the top three players in the SIEM space over the upcoming years,” he said during the call Wednesday.
Ultimately, over the next two to five years, the SIEM market and its US$20 billion total addressable market is “going to go through upheaval,” Arora said.
Notably, Palo Alto Networks has not previously been ranked in Gartner’s influential Magic Quadrant for SIEM, while IBM has been ranked in the “leaders” quadrant.
For many security operations teams, SIEM provides the logging, analytics and search capabilities that they depend upon for mitigating cyberattacks.