IBM, McAfee Beef Up Security Portfolios
This week saw another milestone in the consolidation of the security information and event management (SIEM) market with the acquisition of not one but two major players. On Tuesday, IBM announced that it would buy Waltham, Mass.-based Q1 Labs and McAfee made a similar announcement of its own acquisition of Portsmouth, NH-based Nitro Security. According to security experts, the moves are an answer to the blockbuster acquisition of ArcSight by HP last year and should be a further affirmation of the opportunities available for channel partners looking deliver more security intelligence to their customers.
"Both IBM and McAfee had weaknesses in the SIEM market that they had to close to sustain their enterprise strategy. With all its issues in deployment, maintenance, architectural issues and cost, SIEM remains a focus of security operations and management in the enterprise, and is therefore an asset major enterprise players need in their portfolio," says Scott Crawford, research director for Enterprise Management Associates. "The proximate driver forcing this on IBM and McAfee in particular, however, was the acquisition of ArcSight, which dominates this market, by HP last year. IBM could not afford to sustain a weakness in that space against one of its most significant competitors, and McAfee had a SIEM gap in an otherwise fairly comprehensive portfolio centered on ePolicyOrchestrator."
While IBM and McAfee both intend to fold the acquired technology into existing product stacks, this is hardly the end to SIEM as we know it.
"You need to separate out the vendors that sell SIEM and the customers that buy SIEM. There is still a market for customers to buy SIEM/log management, so that's not going away. I do think there will be fewer independent, stand-alone SIEM/log management players," says Mike Rothman, president and analyst for Securosis. "We are seeing that consolidation now and most of the larger start-ups have been acquired at this point. Over time, security management becomes part of the bigger IT management stack, but that evolution will still take a while."
Both Rothman and Crawford say that acquisitions in SIEM are likely to cool down for a bit after the activity of this week.
"I don't believe we'll see any (other) deals soon. It's more about the buyers than the sellers. Most of the logical buyers already have products, so I don't expect anyone to be snapped up quickly now," Rothman says. "But then again, I'm no investment banker."
According to Crawford the two acquisitions' consequences for the channel will depend upon partners' target customer.
"SIEM is typically an enterprise play, but more recent entrants such as Q1 and Nitro have focused on approaches that are more readily adopted, deployed and maintained. For the smallest customers, this may still place SIEM beyond their reach – or perceived need," Crawford says. "But there are alternatives, such as managed security services or hosted models of "SIEM as a Service." Channel partners should consider whether or not SIEM would be a useful offering to their customers, as well as alternatives that may be a better fit with their portfolios."
Rothman agrees that services are definitely a viable option, so don't get caught up in the post-acquisition hype if the product offering doesn't really suit the customer.
"Channel partners need to think less about what vendor to sell and more about what problem to solve for the customer," he says. "There are strengths and weakness of each product, so it's about finding the right fit for the customer, regardless of who owns the technology."