IBM Acquires Q1 Labs for Data Analytics, SIEM

IBM will acquire Q1 Labs to expand its business intelligence portfolio by including security events to its menu of deep analytics capabilities.

IBM announced it will acquire Q1 Labs, a data analytics software company, to expand its security and events management capabilities.

With advanced analytics from Q1 Labs, IBM can provide customers with correlation capabilities to automatically detect and flag suspicious or abnormal events, IBM said Oct. 4. The deal is subject to regulatory approval and is expected to close in the fourth quarter. Financial terms were not disclosed.

Following the close, Q1 Labs will join IBM as a newly minted security division, Robert LeBlanc, senior vice president of IBM Middleware Software, said during a conference call with journalists. The new division, IBM Security Systems, will be led by Brendan Hannigan, the current CEO of Q1 Labs, who will report to LeBlanc.

IBM Security Systems will be formed by Q1 Labs and security software, appliances, lab offerings and services IBM has picked up from more than 10 strategic security acquisitions and 25 analytics-related buys over the past 10 years, including Tivoli, Rational and i2, LeBlanc said.

"Q1 Labs' security analytics will add greater intelligence to IBM's security portfolio and continue to distinguish IBM from competitors," Hannigan said.

Organizations feel cyber-attacks are increasingly harder to detect, and their ability to identify threats, detect insider fraud, predict risk and comply with regulatory mandates would be easier with an end-to-end security platform, LeBlanc said, adding that security is at the "top of the list" of things they are worrying about. Customers will benefit from tightly integrated products and a unified road map.

"There's a lot of data, but not brought together in a way to give clients a way to understand the threats," LeBlanc said.

Q1 Labs recognized that application flow data can be used to identify security-relevant events from a wide variety of very different technologies, Scott Crawford, director in the security and risk management practice at EMA Managing Research, wrote in a blog. The approach allows organizations to focus on "security intelligence," or collecting and managing information relevant to security from multiple sources and correlating them to identify threats from legitimate activity, Crawford said.

IBM plans to apply Q1 Labs' analytics capabilities to drive greater security intelligence capabilities across all its security products and services, including identity and access management, database security, application security, enterprise risk management, intrusion prevention, endpoint management and network security, LeBlanc said. IBM has a broad analytics portfolio and by combining it with security, IBM will be able to provide customers with security intelligence that can be used to detect and prevent threats, he said.

The Q1 Labs deal fits IBM's growth initiatives, according to LeBlanc. "We want to grow in business analytics," LeBlanc said, noting that the acquisition lets IBM extend growth into the security domain.

IBM Managed Security Services already monitors over 12 billion security events a day in more than 130 countries, according to LeBlanc.

The security information and event management (SIEM) market has seen some consolidation in recent months, as IBM announced its plans on the same day McAfee disclosed it is acquiring Nitro Security for an undisclosed amount. Hewlett-Packard also acquired ArcSight earlier this year.

"This is an exciting space to be in, and it will continue to change rapidly," Guy Churchward, CEO of LogLogic, told eWEEK. Churchward predicted "the same level" of customer disruption for both Q1 and Nitro customers as seen with ArcSight earlier this year.

The IBM and McAfee deals weren't much of a surprise as there have been rumors that Nitro Security and Q1 Labs were for sale, according to Crawford. McAfee has had a SIEM gap in what was otherwise a "fairly comprehensive strategy" in its ePolicy Orchestrator centralized enterprise security management platform, and IBM had slowed down on the SIEM front after a series of related acquisitions several years ago, according to Crawford.

IBM's and McAfee's announcements "are evidence that top tier technology companies are asking themselves the same question about what they need to address the evolving needs of the market," Andy Grolnick, president and CEO of LogRhythm, told eWEEK.