
In September 2024, IBM officially sold the intellectual property for QRadar to Palo Alto Networks.
This is a significant shift for thousands of organisations that rely on QRadar SaaS and QROC for their SIEM and security operations.
As part of the transition, Palo Alto Networks (PANW) has given IBM QRadar on Cloud (QROC) customers until 14 April 2026 to migrate to its Cortex XSIAM platform. That may mean retooling, retraining, and rethinking your entire detection and response approach.
But what if you didn’t have to?
Here’s What Many Organisations Don’t Realise
IBM continues to support thousands of customers running QRadar in on-premises environments. These deployments were not included in the IP sale to Palo Alto Networks.
In fact, IBM has confirmed that it retains full rights to develop, support, and invest in QRadar on-prem, with no plans to end the product. As stated in IBM’s official blog:
“QRadar on-premise remains a core focus of IBM. Active development, strategic investment and full support for the platform will continue, with no plans for end-of-life.”
This provides a stable, long-term alternative for QROC customers who want to avoid the risks and costs of a full migration to Palo Alto’s XSIAM.
Why Migrate When the Trade-Offs Are Unclear?
Palo Alto Networks continues to build out a formidable security stack, both through internal development and a steady pace of acquisitions, including their recently announced agreement to acquire CyberArk. They are clearly working to drive deeper customer dependence on their ecosystem.
Is deeper integration with a single vendor aligned with your long-term technology roadmap? And critically, how does this approach align with your vendor diversity or independence policies?
Before committing to a complete re-platform, it is important to understand the operational trade-offs involved. While XSIAM offers tight integration with Palo Alto’s ecosystem, it introduces several challenges compared to mature SIEM platforms like QRadar:
- Restricted Log Ingestion Capabilities: XSIAM integrates well with Palo Alto’s own EDR and firewalls but struggles to ingest logs comprehensively from third-party cloud, SaaS, and other sources, which can create dangerous blind spots in your security visibility.
- Limited Automation and Correlation: Unlike QRadar’s mature, automated alert triaging and correlation engines, XSIAM requires manual triage by analysts, which increases response times and limits SOC efficiency.
- Fragmented User Experience: XSIAM’s fragmented consoles across EDR, network, and cloud data add operational friction, steepening learning curves for security teams and slowing team collaboration.
- Vendor Lock-in Risk: XSIAM is only available bundled with Palo Alto’s EDR/XDR solutions, eliminating vendor choice and increasing single points of failure, which can become critical during outages or platform issues.
- Limited Dashboards and Visualisation: XSIAM includes fewer built-in dashboards and requires analysts to navigate across separate views. This reduces productivity and increases time to insight.
The Clock Is Ticking, But You Still Have Options
If your organisation is using QRadar under a SaaS or QROC model, the migration countdown has already begun. IBM has announced end-of-support for these cloud-delivered services by 14 April 2026. Additional services like QRadar EDR and XDR will follow by 31 August 2026.
That’s where our team of highly skilled QRadar security analysts comes in. We offer a direct migration path for QRadar QROC customers into our secure, cloud-hosted QRadar environment. You can keep using the SIEM you know and trust without being forced into a new ecosystem, pricing model, or architecture.
🗓️ For the full End-of-Life timeline, see PANW’s official summary.
Why Choose Secure ISS for Your Cloud Managed QRadar Service?
✅ Minimal Reconfiguration Required
We preserve your existing setup, including correlation rules, offenses, data sources, and integrations, so there’s no need for a major redesign.
✅ We Handle the Licensing
No licensing headaches. We’ll transition your existing licensing or provide a managed model with a simple monthly fee.
✅ Fast, Frictionless Migration
Our team uses automation tools to lift-and-shift QROC environments into our cloud with minimal downtime.
✅ No Need to Retrain Your Team
Keep your existing workflows, dashboards, and compliance processes. No unfamiliar tools or extra burden on your SOC team.
✅ Security-First, Always
Our platform is built for 24/7 security operations. With ISO 27001-aligned controls, scalable infrastructure, and expert monitoring, your environment stays protected and high-performing.
Let’s Make It Simple
The transition from IBM to Palo Alto is happening. But you don’t have to let it disrupt your operations, your team, or your security posture.
If you’re running QRadar SaaS or QROC, we can help you stay secure without starting over.
We’re offering a free QRadar QROC Migration Readiness Assessment to show you exactly what your options are and how simple the move can be with the right support.
👉 Book Your Free Assessment Now
Prefer to speak directly? Contact our team at soc@secure-iss.com
Note: IBM and QRadar are trademarks of International Business Machines Corporation. Palo Alto Networks and Cortex XSIAM are trademarks of Palo Alto Networks, Inc. All other product names, logos, and brands are property of their respective owners and used here for identification purposes only.