Dueling SIEM Deals: IBM, McAfee Each Announce Acquisitions

Published: 22/11/2024   Category: security




High-profile purchases of Q1 Labs and NitroSecurity amid complicated threat landscape signal changes for security information and event management



IBM and McAfee today each separately snapped up indie, leading-edge SIEM vendors -- Q1 Labs, by IBM, and NitroSecurity, by McAfee -- amid growing concerns that security information and event management must move to the next level to combat today's threats.
The acquisition announcements aren't the first SIEM buys by heavy-hitters; HP last year purchased ArcSight, and RSA bought NetWitness earlier this year. At a time when traditional SIEM technology's event-driven approach is under the harsh glare of the spotlight for its inability to catch so-called advanced persistent threat (APT) attackers, the deals underscore the need for more useful, detailed, and expedient information and intelligence for inevitable attacks against organizations.
Catching an APT requires real-time monitoring that detects and provides analysis of the various anomalies or events under way in the attack, experts say, rather than inundating organizations with raw log data or a pure SIEM that only flags known threats. "That is the future -- the ability to analyze this data in real-time," says Joe Gottlieb, CEO of Sensage, an indie SIEM vendor that focuses on security data analysis. "There's too much data to look at."
Both IBM and McAfee had noticeable gaps in the SIEM area, and despite a recent SIEM-is-dead campaign by eIQnetworks, these major vendors say SIEM is poised to enter a new generation that addresses so-called situational awareness.
"I don't think SIEM is dead at all. I think a lot of companies have leveraged SIEM only to be a compliance management reporting tool. They've lost a lot of the potential value proposition of what SIEM can deliver," says Dave Anderson, senior director of solutions marketing for McAfee. "Our acquisition of NitroSecurity speaks to that forward-thinking opportunity of SIEM combined with McAfee's overall security portfolio, ePO [ePolicy Orchestrator] management and risk and compliance, that [SIEM] can start to deliver."
Robert LeBlanc, senior vice president of IBM middleware software, said in a press conference today that its deal to buy Q1 Labs reflects a shift in security overall. "The data to react to threats and events and [other] capabilities we got with Q1 Labs is taking security to the next level," LeBlanc said, with the ability to apply analytics and intelligence to threat detection and prevention.
IBM, which wouldn't release the financial details of the purchase of the privately owned Q1 Labs, expects the deal to wrap up in the fourth quarter. The company also announced that Q1 Labs would be part of a new division it was establishing, the IBM Security Systems Division, and that Brendan Hannigan, Q1's CEO, will head it up. The division will integrate IBM's Tivoli, Rational and Information Management security software, appliances, and services, and incorporate Q1's analytics into its identity and access management, database security, application security, network security, risk management, IPS, and endpoint management products.
And IBM is also now offering a cloud-based version of Q1 Labs' SIEM product through its IBM Managed Security Services.
But the concept of security intelligence isn't just about SIEM. Says Scott Crawford, managing research director at Enterprise Management Associates, who blogged on the announcements today, other areas like forensics analysis and big data are also part of the puzzle.
"Today's acquirers of new approaches to SIEM -- and other technologies that disrupt legacy approaches to security data management -- should therefore be watched closely for the directions they take these assets, as part of larger initiatives to both broaden and deepen the nature of data-driven security. Rarely has there been a greater need for more responsive insight and much-needed maturity in management than in information security today," Crawford said in his post. "SIEM is certainly not the only segment to watch in this regard."
Q1's Hannigan echoed the same sentiment. "At the end of the day, SIEM is the anchor tenet … but in reality, the end point is security intelligence," Hannigan said. "It's broader than SIEM, log management, network activity monitoring, and it includes every one of the above. We will include database activity monitoring and application vulnerability scanning. That's what security intelligence is … it should be the end goal."
Meanwhile, McAfee's planned purchase of the privately held NitroSecurity is also expected to close in the fourth quarter; NitroSecurity will become part of McAfee's risk and compliance business unit headed up by Stuart McClure, general manager and senior vice president at McAfee.
NitroSecurity's NitroView SIEM, which already was integrated with McAfee's ePolicy Orchestrator, will now help McAfee provide a single platform for security analysis and management, according to McAfee, although details on the ultimate architecture are still not finalized. "It's going to be a platform for correlating IT events, leveraging our current bidirectional integration [between NitroView] and ePO," McAfee's Anderson says.
"The dueling SIEM announcements today basically demonstrate more consolidation in the market. A lot of companies are seeing a strong value proposition of having some type of SIEM solution. We looked at several SIEM solutions, and based on NitroSecurity's underlying technology and performance, we are extremely confident that we picked the right technology to acquire," Anderson says.
According to Mike Rothman, president and analyst with Securosis, the IBM and McAfee deals are a continuation of a market consolidation that has been going on for nearly four years. "Pure and simple, SIEM/LM was never going to be a long-term independent technology, so these deals are just the logical conclusion of a three- to four-year consolidation," Rothman said in a blog post today.
Jerry Skurla, executive vice president of NitroSecurity, says the acquisitions by McAfee and IBM validate the technology. "What it means is that it's an absolute core technology for cyberdefense in 2012 and beyond," Skurla says.
Real-time visibility into the IT infrastructure with SIEM is crucial, he says. And adding new capabilities to SIEM, such as the ability to draw from years' worth of log data for analysis, can help with stealthy APT attacks. "A good APT attack may take a year or two to wind its way into the organization before it goes active," Skurla says. You need both good rules and baselining and correlating to spot and stop these attacks, he says.