Palo Alto Networks CEO Nikesh Arora: SIEM’s days are numbered

It’s inevitable that traditional SIEM will be displaced by AI-powered, ‘new age players’ such as Cortex XSIAM, Arora said during a quarterly call Tuesday.

The traditional SIEM market is increasingly unable to keep up with modern threats, making it now all but inevitable that newer AI-powered tools will replace the “legacy” security operations technology over the next several years, Palo Alto Networks CEO Nikesh Arora said Tuesday.

Arora made the comments while discussing the surging growth of Cortex XSIAM, which is Palo Alto Networks’ alternative to traditional SIEM (security information and event management). XSIAM is the company’s “fastest-growing product ever” and is generating an average of more than US$1 million in annual recurring revenue (ARR) per customer, he told analysts Tuesday during the company’s quarterly call.

After an analyst asked about the size of the opportunity around XSIAM, Arora responded, “Which was the last product that came out where the average ARR was US$1 million a year?”

Going forward with XSIAM, “I think the opportunity is huge,” he said.

Periodically in cybersecurity, Arora said, product categories tend to “reach inflection points where the next set of products are so much better — that everybody has to be shaken out of their stupor [about] their old solutions to go replace them.”

This has happened in recent decades in both network and endpoint security, and now, “I think this is the moment for the SIEM market,” he said. “I think in the next three to five years, it’ll get replaced. It’ll be replaced by new age players. The legacy players will try their darndest to hang on to it. But the architectures are fundamentally different.”

As an indicator of this transition, ARR for XSIAM was up 200 percent as of the end of the third quarter of the company’s fiscal 2025, ended April 30, from the year before. That growth rate is “nearly twice as fast as our closest next-generation SIEM competitor,” Arora said, and XSIAM is now approaching $1 billion in total bookings.

While XSIAM saw rapid growth almost from the get-go after its introduction in October 2022, the offering got a major boost from the vendor’s US$500 million acquisition of IBM’s QRadar SaaS business in September 2024. The company has been heavily focused on enabling customers to move to XSIAM from QRadar since then, and Palo Alto Networks has continued to have a “phenomenal partnership” with IBM around migrating customers to XSIAM, Arora said Tuesday.

For Palo Alto Networks’ fiscal third quarter as a whole, revenue climbed 15 percent from a year earlier to US$2.29 billion, beating the Wall Street analyst consensus estimate by US$10 million.

Other bright spots for the cybersecurity giant during its latest quarter included its AI business, which has grown by more than 2.5X year-over-year to reach $400 million in ARR, according to Palo Alto Networks CFO Dipak Golechha.

At RSAC 2025 in late April, the company debuted its new AI security platform, Prisma AIRS, and also announced plans to acquire a well-known AI security startup, Protect AI.

The total consideration for the Protect AI acquisition deal is US$700 million, which includes cash and replacement equity awards, and the deal is expected to close by the first quarter of the vendor’s fiscal 2026, Golechha said during the call Tuesday.

Palo Alto Networks’ stock price was down 4 percent to US$186.70 a share in after-hours trading Tuesday.

Meanwhile, Golechha noted that the Trump administration’s tariff policies have not impacted Palo Alto Networks, which is a major producer of hardware firewalls, so far.

The vendor has been transitioning to a contract manufacturing facility in Texas, and differentiates from competitors by assembling “all of our hardware in the USA,” he said.

“As a result, tariff impact to our business has been immaterial,” Golechha said.