IBM and McAfee both made moves Tuesday to acquire security information event management (SIEM)technology, with plans to integrate the reporting and eventcorrelation capabilities into their product lines.
This is further evidence that SIEM vendors have proven themselves ... Theyre creating revenuebased on compliance mandates and so far there doesnt seem to be an end in sight for the growthcurve.
Andrew Hay, senior security analyst, The 451 Group
Big Blue announced plans to acquire Waltham, Mass.-based Q1 Labs and integrate it into a newlyformed IBM Security Systems Division led by Q1 Labs CEO Brendan Hannigan. IBM said the Q1 Labs SIEMsecurity analytics and correlation technology can detect and flag potential security policyproblems to help prevent security breaches. Financial terms of the deal have not beendisclosed.
Meanwhile, Santa Clara, Calif-based McAfee announced it agreed to acquire Portsmouth, N.H.-basedSIEM vendor NitroSecurity Inc. McAfee indicated that following the completion of the acquisition,it will combine NitroSecuritys technology with its own enterprise security management technologiesto help customers asses network and endpoint vulnerabilities. Terms of the acquisition were notannounced.
According to Stamford, Conn.-based IT research firm Gartner Inc., the SIEM market grew 15% lastyear, from $858 million in revenue to $987 million. The SIEM market, which has been characterizedby Gartner and other research firms as being crowded, has been driven by compliance mandates --mainly PCI DSS -- with enterprises deploying SIEM to take advantage of mainly reportingcapabilities. Mark Nicolett, a Gartner Research vice president, said both Q1 Labs and NitroSecurityhad strong technologies and solid customer bases, making them key acquisition targets.
IBM had SIEM technology in place when it acquired Consul Risk Management and MicromuseGuardedNet, wrapping the capabilities into its Tivoli Security Information and Event Manager. Theacquisition of Q1 Labs may help bolster the Tivoli SIEM weaknesses, or the company could decide tolet Q1 technology stand alone, Nicolett said. They may continue on their merry way and sell [Q1]to customers and then as a side type of activity they would have to figure out how to integrate thestrong, existing technology that they have with the core pieces of Q1 Labs, Nicolettsaid.
McAfee had been partnering with SIEM vendors before its NitroSecurity acquisition. The companyoffers a set of APIs to enable SIEM vendors to tap into its E-Policy Orchestrator (EPO) centralizedmanagement console. McAfee has had a close relationship with NitroSecurity and shouldnt have adifficult time integrating it into its product portfolio, Nicolett said. Its an exercise inleveraging the parsing and integration APIs that are already part of the product, he said.NitroSecurity also gives McAfee access to potential customers; utilities and other criticalinfrastructure facilities have been a major part of NitroSecuritys customer base.
While vendors tout event correlation, the vast majority of users indicate they are primarilyusing SIEM for reporting capabilities, said John Kindervag, a senior analyst at Cambridge,Mass.-based Forrester Research Inc. But security vendors see promise in the broader adoptionof more advanced event correlation capabilities and have been quick to add the technologies totheir portfolios.
The consolidation of the SIEM market gained traction last year, when HPacquired ArcSight for $1.5 billion. Trend Micro and Kaspersky Lab are the only remaining majorsecurity vendors lacking SIEM capabilities, said Andrew Hay, a senior security analyst at The 451Group. Sophos,which acquired firewall vendor Astaro in May, also picked up log management capabilities fromthe acquisition, Hay said.
This is further evidence that SIEM vendors have proven themselves, Hay said. Theyre creatingrevenue based on compliance mandates and so far there doesnt seem to be an end in sight for thegrowth curve.
~SearchSecurity.com Senior Site Editor Eric Parizo contributed to this report
0 comments:
Post a Comment