IBM is making a major push to try to establish leadership in the broad market for security, compliance, and governance. The company’s latest foray is significant with the acquisition of Q1 Labs. On its own, this is an important acquisition because the company has developed significant intellectual property in security intelligence products in vital areas such as SIEM (Security Information and Event Management), risk management, log management, network behavior analytics and security event management. What is more significant from a customer perspective is the way IBM is going about transforming its approach to the security market. IBM has taken the step to create a single business unit called Security Systems Division that will move all of its security products and services into a single entity. One reason to create this new division is to target what IBM anticipates is a $94 billion opportunity in security software and services. Clearly, with the growing importance of cloud based services and big data, the potential for expanded security problems are enormous.
IBM is following the same pattern it has defined for its software organization: it has created a business unit that has leverage and best practices that are foundational across the company. For example, the new security division will integrate IBM’s Tivoli, Rational and Information Management security software, appliances, lab offerings and services. The aggregation of pieces from across software brands is an important strategic move for IBM. It will allow IBM to offer solutions with a common underpinning and offer services to other divisions of IBM. The Security Systems Division will deliver a tighter, more focused IBM security product strategy. At the same time, these security products will be used to strengthen offerings across the software portfolio.
IBM has acquired multiple security companies in the past several years including security analytics software firm, i2 as well as purchases such as Clarity Systems, a financial governance company, PSS Systems which offered legal risk management and Internet Security Systems (ISS), an information security company. Although financial terms of the Q1 Labs acquisition were not made public, IBM’s surge in the security space has overall required an investment of several billion dollars. We expect that there will be a lot more acquisitions to come in this important area.
Q1 Labs was a shrewd acquisition. The company has had impressive growth over the past several years, with a 98% year-over-year revenue growth in 2010 and a customer base of over 1700 worldwide. What Q1 will offer IBM, is strong IP that will bolster IBM’s SIEM offerings. IBM in the past has acquired SIEM companies, such as Micromuse GuardedNet, but the Q1 Labs acquisition is the most significant to date. IBM’s new Security Systems Division will have at its core Q1’s SIEM offering. Further cementing this fact is that leadership of the new division has been given to Brendan Hannigan, Q1 Lab’s CEO. We believe the best strategy for IBM is to truly integrate Q1’s core product, QRadar into IBM’s other security offerings and not simply offer it as a standalone solution. Hannigan said, “at the end of the day, security intelligence is broader than SIEM,” an indication that he understands that his new division must go far beyond Q1’s SIEM. Hannigan will need to quickly acclimate to the IBM culture while taking on the task of integrating groups who have previously operated within their own brand, such as Tivoli and Rational. If IBM is to truly offer what they promise — a full end-to-end solution, it is critical that the new division is able to efficiently create well-defined security services with clear standard interfaces to support the full IBM portfolio of software.
Coincidentally, on the same day of IBM’s Q1 Labs announcement, McAfee went public with news of its own SIEM play, the acquisition of NitroSecurity. Others in the SIEM field include Hewlett-Packard, who is leveraging ArcSight, a SIEM solution to enhance its security offerings and Cisco Systems.