IBM Secures Q1 Labs SIEM For Data Analytics

IBM is buying Q1 Labs to expand its business security portfolio with deep analytics capabilities

IBM announced it will acquire Q1 Labs, a data analytics software company, to expand its security and events management capabilities.

Security information and event management (SIEM) analytics from Q1 Labs will allow IBM to provide customers with correlation capabilities to automatically detect and flag suspicious or abnormal events, IBM said. The deal is subject to regulatory approval and is expected to close in the fourth quarter. Financial terms were not disclosed.

Security Against New Threats

Following the closure of the deal, Q1 Labs would join IBM as a newly-minted security division, Robert LeBlanc, senior vice-president of IBM Middleware Software, said during a conference call with journalists. The new division, IBM Security Systems, would be led by Brendan Hannigan, the current CEO of Q1 Labs, who would report to LeBlanc.

IBM Security Systems would be formed from Q1 Labs and the security software, appliances, lab offerings and services IBM had picked up from more than 10 strategic security acquisitions and 25 analytics-related buys over the past ten years, including Tivoli, Rational and i2, LeBlanc said.

“Q1 Labs’ security analytics will add greater intelligence to IBM’s security portfolio and continue to distinguish IBM from competitors,” Hannigan said.

Organisations feel cyber-attacks are increasingly hard to detect, and identifying threats, detecting insider fraud, predicting risk and complying with regulatory mandates would be easier with an end-to-end security platform, LeBlanc said, adding that security was at the “top of the list” of things they were worrying about. Customers will benefit from tightly integrated products and a unified roadmap.

“There’s a lot of data, but not brought together in a way to give clients a way to understand the threats,” LeBlanc said.

Behavioural Detection

Q1 Labs recognised that application flow data could be used to identify security-relevant events from a wide variety of very different technologies, Scott Crawford, director in the security and risk management practice at EMA Managing Research, wrote in a blog. The approach allows organisations to focus on “security intelligence”, or collecting and managing information relevant to security from multiple sources and correlating it to distinguish threats from legitimate activity, Crawford said.

IBM plans to apply Q1 Labs’ analytics capabilities to drive greater security intelligence capabilities across all its security products and services including identity and access management, database security, application security, enterprise risk management, intrusion prevention, endpoint management and network security, LeBlanc said. IBM has a broad analytics portfolio and by combining it with security, IBM would be able to provide customers with security intelligence that can be used to detect and prevent threats, he said.

The Q1 Labs deal fits IBM’s growth initiatives, according to LeBlanc. “We want to grow in business analytics,” LeBlanc said, noting that the acquisition lets IBM extend growth into the security domain.

IBM Managed Security Services already monitors over 12 billion security events a day in more than 130 countries, according to LeBlanc.

Focus On SIEM

The SIEM market has seen some consolidation in recent months, as IBM announced its plans on the same day McAfee disclosed it was acquiring Nitro Security for an undisclosed amount. Hewlett-Packard also acquired ArcSight earlier this year.

“This is an exciting space to be in and it will continue to change rapidly,” Guy Churchward, CEO of LogLogic, told eWEEK. Churchward predicted “the same level” of customer disruption for both Q1 and Nitro customers as seen with ArcSight earlier this year.

The IBM and McAfee deals were not much of a surprise, as there had been rumours that Nitro Security and Q1 Labs were up for sale, according to Crawford. McAfee has had a SIEM gap in what was otherwise a “fairly comprehensive strategy” in its ePolicy Orchestrator centralised enterprise security management platform, and IBM had slowed down on the SIEM front after a series of related acquisitions several years ago, according to Crawford.

IBM and McAfee’s announcements “are evidence that top tier technology companies are asking themselves the same question about what they need to address the evolving needs of the market”, Andy Grolnick, president and CEO of LogRhythm, told eWEEK.