Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/2/2009
11:55 AM
Adrian Lane
Adrian Lane
Commentary
50%
50%

What IBM's Acquisition Of Guardium Really Means

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.Database monitoring has been around since 2002, but has not taken off in the manner some had expected. Vendors have continued a slow and steady pace of improvement during the past seven years, and their offerings have matured into enterprise-quality security products, yet they remains a niche product. Let's face it: Database monitoring addresses what we call a "quiet threat." The damage caused by stolen data is impossible to quantify, and when it does happen, it doesn't stop people from working. It's not destructive like a virus, and it's not annoying like spam, but it's just as costly. There just isn't a killer application, and unless a company suffered a breach by attack or malicious employee, it's not perceived as a need.

Despite all DAM products being conceived as security tools, compliance has become the primary use case. What's more, they work: They detect threats and can automate controls other platforms simply cannot. Vendors have struggled because customers really didn't get how it helps with compliance. Sarbanes-Oxley, the Gramm-Leach-Bliley Act, PCI, and privacy laws say nothing about DAM. You need to really drill down to understand that your credit card data is stored in a database, or that your financial systems are automated to the extent that you simply cannot enforce many controls without automated assistance.

IBM will be able to leverage the Guardium investment into its existing customer base. IBM is, after all, one of the biggest database vendors in the world -- not just for its considerable mainframe installed base, but the DB2 UDB and Informix platforms both have dedicated followers, too. Incredible revenue opportunities exist within its own customer base, and the heterogeneous database support Guardium provides IBM Global Services is a database-agnostic platform.

Large vendors in multiple verticals have had quiet discussions with DAM vendors regarding partnerships and acquisitions for several years now. While customer adoption of the technology has lagged, providers of operations management, security, governance, and compliance have seen the value. DAM may not get a lot of press, but insiders are well-aware of the technology, and it is surprising to me we have not seen an investment of this size, or larger, during the past year.

Still, IBM's presence in this space likely provides a lift to the entire segment. I estimated the DAM market size at $70 to $80 million in 2008, and estimate $85 million for 2009. I base this on a combination of inside information, communication with customers, very chatty former employees of DAM vendors, and some educated guesses. I am excluding assessment and auditing revenue, the latter of which is extremely difficult to quantify. Regardless, it's tiny.

I'm willing to bet IBM can double the size of the market in less than a year. IBM sales has the ability to educate the market in a way that even Fortinet cannot. Meanwhile, Application Security, Imperva, Netezza, Secerno, Sentrigo, and the handful of other vendors -- all lacking an "evangelical sale" where you have to prove your product and the value it provides -- also benefit in terms of visibility, reduced sales cycles, and more customers. As revenues increase, expect further acquisitions of these remaining providers.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE-2017-15684
PUBLISHED: 2020-11-27
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.