Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


HP Continues Security Push With $1.5B Purchase Of SIEM Vendor ArcSight

Following up recent purchase of Fortify, HP's software unit pledges to make security "a core competency"

Hewlett-Packard today made its second major security acquisition in less than a month, announcing its intent to acquire SIEM vendor ArcSight for $1.5 billion.

ArcSight, the leading independent maker of security information and event management tools (SIEM), holds about 20 percent of the SIEM market. HP on Aug. 17 purchased privately held Fortify Software, a maker of secure software development technology.

"Our intent is to make security a core competency of the HP software business," said Jonathan Martin, vice president and general manager of Information Management and Commercial Solutions, HP Software & Solutions.

Martin described HP's security strategy in four parts: secure application development (which is where Fortify figures); security visibility and evaluation, two elements where ArcSight will play a major role; and remediation. HP will be looking to integrate its network operations management functions, headed by HP OpenView, and its security operations efforts, Martin said.

"HP's acquisition of ArcSight will enable the creation of a new type of security solution, one that serves the modern enterprise," said Tom Reilly, president and CEO of ArcSight, in a statement.

"By combining ArcSight's Enterprise Threat and Risk Management Platform with HP's breadth of application development and operations management solutions, HP will be able to offer an integrated security platform that delivers broader visibility, deeper context and faster remediation of enterprise-wide security and risk-related events," Reilly said. "In a world where perimeter security is no longer enough, businesses need this holistic approach to securing their networks, applications and sensitive data."

That last point might be a shot across the bow to other enterprise security players, such as Symantec and McAfee, which also offer SIEM tools as part of their security suites.

"Those companies take a very traditional approach to security, which is built around protecting the perimeter," said Rick Caccia, vice president products & channel marketing at ArcSight. "We believe you have to approach it as if you've already been breached, and you need the intelligence to analyze and remediate the problem."

But the integration between HP and ArcSight will take time. The acquisition itself is not expected to be complete until the end of the year, and then there are the technical efforts to complete.

"There will be integration challenges with these big deals, so product innovation tends to grind to a halt while integration issues are addressed," said Mike Rothman, an analyst at Securosis, in a blog. "We wouldn't expect anything different with HP/ArcSight. Inertia is a reality here."

The loss of ArcSight's independence and innovation might be viewed as a negative by some users, but immediate defections aren't likely, Rothman said.

"Customers have spent years and millions on ArcSight, so it's hard to see a lot of them moving en masse somewhere else in the near term," he said. "Obviously if HP doesn't integrate well, over a long period of time they'll see customers going elsewhere."

Two of the remaining independent players in the SIEM market are SenSage and Q1 Labs. "Coming after Intel's acquisition of McAfee, this combination creates an opportunity for a standalone pure-play security intelligence provider that is not tied to a particular vendors' infrastructure products," said Brendan Hannigan, president and COO of Q1 Labs.

The acquisition will be conducted by means of a cash tender offer for all of ArcSight’s outstanding shares of common stock at $43.50 per share. The $1.5 billion figure is about eight times ArcSight's annual sales, Rothman said. The deal is expected to close by year's end.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...