Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/2/2009
11:55 AM
Adrian Lane
Adrian Lane
Commentary
50%
50%

What IBM's Acquisition Of Guardium Really Means

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.Database monitoring has been around since 2002, but has not taken off in the manner some had expected. Vendors have continued a slow and steady pace of improvement during the past seven years, and their offerings have matured into enterprise-quality security products, yet they remains a niche product. Let's face it: Database monitoring addresses what we call a "quiet threat." The damage caused by stolen data is impossible to quantify, and when it does happen, it doesn't stop people from working. It's not destructive like a virus, and it's not annoying like spam, but it's just as costly. There just isn't a killer application, and unless a company suffered a breach by attack or malicious employee, it's not perceived as a need.

Despite all DAM products being conceived as security tools, compliance has become the primary use case. What's more, they work: They detect threats and can automate controls other platforms simply cannot. Vendors have struggled because customers really didn't get how it helps with compliance. Sarbanes-Oxley, the Gramm-Leach-Bliley Act, PCI, and privacy laws say nothing about DAM. You need to really drill down to understand that your credit card data is stored in a database, or that your financial systems are automated to the extent that you simply cannot enforce many controls without automated assistance.

IBM will be able to leverage the Guardium investment into its existing customer base. IBM is, after all, one of the biggest database vendors in the world -- not just for its considerable mainframe installed base, but the DB2 UDB and Informix platforms both have dedicated followers, too. Incredible revenue opportunities exist within its own customer base, and the heterogeneous database support Guardium provides IBM Global Services is a database-agnostic platform.

Large vendors in multiple verticals have had quiet discussions with DAM vendors regarding partnerships and acquisitions for several years now. While customer adoption of the technology has lagged, providers of operations management, security, governance, and compliance have seen the value. DAM may not get a lot of press, but insiders are well-aware of the technology, and it is surprising to me we have not seen an investment of this size, or larger, during the past year.

Still, IBM's presence in this space likely provides a lift to the entire segment. I estimated the DAM market size at $70 to $80 million in 2008, and estimate $85 million for 2009. I base this on a combination of inside information, communication with customers, very chatty former employees of DAM vendors, and some educated guesses. I am excluding assessment and auditing revenue, the latter of which is extremely difficult to quantify. Regardless, it's tiny.

I'm willing to bet IBM can double the size of the market in less than a year. IBM sales has the ability to educate the market in a way that even Fortinet cannot. Meanwhile, Application Security, Imperva, Netezza, Secerno, Sentrigo, and the handful of other vendors -- all lacking an "evangelical sale" where you have to prove your product and the value it provides -- also benefit in terms of visibility, reduced sales cycles, and more customers. As revenues increase, expect further acquisitions of these remaining providers.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.