With security as one of its strategic imperatives, IBM made a series of moves to bolster its security incident response capabilities, including announcing its intent to acquire Resilient Systems, a provider of a popular incident response platform.
Resilient Systems, whose CTO Bruce Schneier is a well-known cryptographer, computer security and privacy specialist, develops and markets a security incident-reporting platform that automates the process of responding to cyber-security breaches. The addition of Resilient expands IBM’s capabilities in the incident-response space, where Big Blue has been more active in the security threat-detection and -prevention space.
Financial terms of the deal, which IBM announced at the RSA Conference 2016 in San Francisco, were not disclosed.
“We have a nice portfolio; it’s like an immune system we’ve been putting together for the prevention and detection of security threats, primarily in software and services,” Marc van Zadelhoff, general manager of IBM Security, told eWEEK. “What this acquisition does is it really helps us double down in the area of response. Detect and prevent is one area that we spend a lot of time in.”
However, IBM has had an existing services team you could call in when there was an attack—sort of like a “Ghost Busters” incident-response team, van Zadelhoff said. “But we’re announcing Resilient Systems will be joining us,” he said. “And they are the leading incident-response platform. It’s a real nice fit on top of our portfolio. Our 6,000 QRadar customers have been asking us to get more into this area. There’s also our BigFix, Guardium and our managed services team that will all be leveraging this capability as Resilient comes on board.”
IBM is in the midst of a transformation to focus on a core set of growth imperatives: cloud, analytics, mobile, social and security (CAMSS).
“We’ve seen those imperatives grow quickly over the last couple of years,” van Zadelhoff said. “We launched the security business unit about four and a half years ago. It crosses software and services and is focused toward the CISO [chief information security officer]. We’ve become one of the biggest enterprise players and I see no lack of appetite by IBM to continue to invest and help us grow this business.”
IBM Security has been building its business up over the last couple of years. In 2015, the unit became a $2 billion business for IBM, grew 12 percent and hired 1,000 people over the last year to amass well over 6,000 people in the unit.
IBM Security is growing at about two times the market average, and in prevention and detection, Big Blue already is the market leader, van Zadelhoff said. Meanwhile, the security market is consolidating, with many of the pure-play providers beginning to struggle. “So we’re already the leader in the one big pillar in the market,” he said. “Incident response is the other and we’re investing in the leader with this. We’re going after the next segment of the market very aggressively.”
The Resilient Systems team consists of about 100 people situated just across town from IBM Security’s headquarters in the Kendall Square area of Cambridge, Mass., van Zadelhoff said. “Our headquarters is in Cambridge; they’re based in Cambridge and their management team is outstanding,” he noted. “They have some really brilliant players like Ted Julian, Bruce Schneier and John Bruce. These guys are known players in the space. There are other players in the incident response space, but these guys are leading the pack.”
IBM to Buy Resilient Systems in Security Incident-Response Play
“The background for IBM’s purchase of Resilient is the changing nature of cyber-threats to businesses, which have moved from random individual incidents to systematic assaults funded by organized criminals and hostile governments,” said Charles King, principal analyst at Pund-IT. “It’s as if cyber-criminals have evolved from being dedicated terrorists to becoming well-organized military organizations.”
Describing the Resilient technology in a blog post, John Bruce, CEO and chairman of Reslient Systems, said: “We built the industry’s first Incident Response Platform (IRP). Now in version 25, it seamlessly connects with the myriad of security tools used by organizations today, creating an intelligent incident response hub. It brings together people, processes and technology with the potency and intelligence needed to fight today’s cyber battles.”
On the services side, IBM has a team of folks doing incident response and that the company beefed up, and Big Blue is making those services available in its portal where over 4,000 managed services customers can log in and initiate an engagement when they have experienced a security incident, van Zadelhoff said.
“Combining our knowledge and expertise with IBM is a perfect fit culturally and technologically,” said Bruce in his post. “We’re already integrated with IBM QRadar and IBM App Exchange in production environments, and the opportunity to deepen that integration and extend it into other IBM technologies makes for a compelling solution for our joint customers.”
Meanwhile, IBM also announced the formation the IBM X-Force Incident Response Services team, including new, remote incident response (IR) capabilities, as well as a new partnership with Carbon Black for incident response. Carbon Black’s incident-response tools help users monitor cyber-attacks from the endpoint.
“We’re enhancing our capabilities around all these services through a partnership with Carbon Black, which provides endpoint-detection response technology,” van Zadelhoff told eWEEK. And then there’s the Resilient piece. So the services team will now be able to leverage the Resilient technology, deploying it on our back end to help with the response management piece.”
In his own blog post, van Zadelhoff said the new X-Force Incident Response Services will help customers “to more effectively discover, track, respond to and report on security incidents. Also included is a new remote incident-response service that actively hunts for threats and allows for the remote management of active attacks via the cloud.”
Van Zadelhoff also noted in his post that the need for a broad spectrum security incident-response capability is even more important, given a recent Ponemon Institute study that indicated that 70 percent of U.S. security executives do not have a cyber-security incident-response plan in place. The average cost of a data breach now totals $3.8 million, according to that study.
“The best way for companies to survive these security incidents is by using what IBM calls ‘immune response’ solutions,” King said. “These constantly monitor IT environments, detect security breaches in real time and respond instantaneously, much as a human body does when it’s invaded by a virus. Resilient complements IBM’s longstanding QRadar Security Intelligence Platform and its new X-Force Incident Response service. The deal also should expand the areas where IBM security can be applied and enhance those solutions’ features and performance, benefitting both companies’ customers and partners.”