Palo Alto Networks this week revealed it has agreed to acquire the QRadar software-as-a-service (SaaS) offerings from IBM as part of an effort to migrate organizations using this platform to the Cortex XSIAM security operations center (SOC) delivered as a cloud service.

IBM will continue to provide support for organizations running QRadar in an on-premises IT environment. However, both companies also pledge to provide services to any of those customers who opt to migrate to the Cortex XSIAM platform. IBM also pledged to train more than 1,000 security consultants on migration, adoption and deployment of cybersecurity platforms and services developed by Palo Alto Networks.

Additionally, IBM will partner with Palo Alto Networks on security operations, threat management and DevSecOps to advance data security and identity and access management, for hybrid cloud and artificial intelligence (AI) applications.

Finally, Palo Alto Networks will incorporate watsonx large language models (LLMs) in Cortex XSIAM alongside the multiple AI models already embedded in the SOC service.

Mitch Ashley, principal analyst for TechStrong Research, said that as well as providing another use case for IBM watsonx LLM, the alliance should extend the AI capabilities that Palo Alto has already invested in.

Palo Alto Networks as an alternative to organizations building and maintaining their own SOC has been making a case for a security information event management (SIEM) platform based on a data lake that enables the company to embed predictive and generative AI capabilities in the Cortex XSIAM.

It’s not clear how many organizations are moving to replace their SOCs with one provided by a cybersecurity vendor but, in theory, organizations that rely on a SOC managed as a service should be able to devote more resources to finding and thwarting threats versus integrating cybersecurity tools and services.

There’s more focus on SIEM platforms as cybersecurity teams increasingly find themselves locked in an AI arms race with cybercriminals — many of whom have the resources and expertise needed to leverage AI to increase the volume and sophistication of the cyberattacks they launch. Organizations that built their own SOC often lack access to a corpus of data large enough to train AI models. The expectation is many more will soon rely heavily on various managed security services.

AI Used to Alleviate Cybersecurity Talent Shortage

Hopefully, AI will enable organizations to partially alleviate a chronic cybersecurity talent shortage that has plagued organizations for decades. That’s especially critical as the amount of time organizations have to identify and mitigate threats before massive amounts of damage are inflicted continues to shrink.

In the meantime, cybersecurity teams should carefully evaluate their vendor partners to ensure they have the resources required for the long haul. This should ultimately benefit defenders once AI becomes pervasively employed. The challenge, as always, is finding the best way to take advantage of emerging technologies such as AI without further increasing costs at a time when many cybersecurity budgets are already limited.