Hewlett-Packard today made its second major security acquisition in less than a month, announcing its intent to acquire SIEM vendor ArcSight for $1.5 billion.

ArcSight, the leading independent maker of security information and event management tools (SIEM), holds about 20 percent of the SIEM market. HP on Aug. 17 purchased privately held Fortify Software, a maker of secure software development technology.

"Our intent is to make security a core competency of the HP software business," said Jonathan Martin, vice president and general manager of Information Management and Commercial Solutions, HP Software & Solutions.

Martin described HP's security strategy in four parts: secure application development (which is where Fortify figures); security visibility and evaluation, two elements where ArcSight will play a major role; and remediation. HP will be looking to integrate its network operations management functions, headed by HP OpenView, and its security operations efforts, Martin said.

"HP's acquisition of ArcSight will enable the creation of a new type of security solution, one that serves the modern enterprise," said Tom Reilly, president and CEO of ArcSight, in a statement.

"By combining ArcSight's Enterprise Threat and Risk Management Platform with HP's breadth of application development and operations management solutions, HP will be able to offer an integrated security platform that delivers broader visibility, deeper context and faster remediation of enterprise-wide security and risk-related events," Reilly said. "In a world where perimeter security is no longer enough, businesses need this holistic approach to securing their networks, applications and sensitive data."

That last point might be a shot across the bow to other enterprise security players, such as Symantec and McAfee, which also offer SIEM tools as part of their security suites.

"Those companies take a very traditional approach to security, which is built around protecting the perimeter," said Rick Caccia, vice president products & channel marketing at ArcSight. "We believe you have to approach it as if you've already been breached, and you need the intelligence to analyze and remediate the problem."

But the integration between HP and ArcSight will take time. The acquisition itself is not expected to be complete until the end of the year, and then there are the technical efforts to complete.

"There will be integration challenges with these big deals, so product innovation tends to grind to a halt while integration issues are addressed," said Mike Rothman, an analyst at Securosis, in a blog. "We wouldn't expect anything different with HP/ArcSight. Inertia is a reality here."

The loss of ArcSight's independence and innovation might be viewed as a negative by some users, but immediate defections aren't likely, Rothman said.

"Customers have spent years and millions on ArcSight, so it's hard to see a lot of them moving en masse somewhere else in the near term," he said. "Obviously if HP doesn't integrate well, over a long period of time they'll see customers going elsewhere."

Two of the remaining independent players in the SIEM market are SenSage and Q1 Labs. "Coming after Intel's acquisition of McAfee, this combination creates an opportunity for a standalone pure-play security intelligence provider that is not tied to a particular vendors' infrastructure products," said Brendan Hannigan, president and COO of Q1 Labs.

The acquisition will be conducted by means of a cash tender offer for all of ArcSight’s outstanding shares of common stock at $43.50 per share. The $1.5 billion figure is about eight times ArcSight's annual sales, Rothman said. The deal is expected to close by year's end.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.