Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/2/2009
11:55 AM
Adrian Lane
Adrian Lane
Commentary
50%
50%

What IBM's Acquisition Of Guardium Really Means

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.Database monitoring has been around since 2002, but has not taken off in the manner some had expected. Vendors have continued a slow and steady pace of improvement during the past seven years, and their offerings have matured into enterprise-quality security products, yet they remains a niche product. Let's face it: Database monitoring addresses what we call a "quiet threat." The damage caused by stolen data is impossible to quantify, and when it does happen, it doesn't stop people from working. It's not destructive like a virus, and it's not annoying like spam, but it's just as costly. There just isn't a killer application, and unless a company suffered a breach by attack or malicious employee, it's not perceived as a need.

Despite all DAM products being conceived as security tools, compliance has become the primary use case. What's more, they work: They detect threats and can automate controls other platforms simply cannot. Vendors have struggled because customers really didn't get how it helps with compliance. Sarbanes-Oxley, the Gramm-Leach-Bliley Act, PCI, and privacy laws say nothing about DAM. You need to really drill down to understand that your credit card data is stored in a database, or that your financial systems are automated to the extent that you simply cannot enforce many controls without automated assistance.

IBM will be able to leverage the Guardium investment into its existing customer base. IBM is, after all, one of the biggest database vendors in the world -- not just for its considerable mainframe installed base, but the DB2 UDB and Informix platforms both have dedicated followers, too. Incredible revenue opportunities exist within its own customer base, and the heterogeneous database support Guardium provides IBM Global Services is a database-agnostic platform.

Large vendors in multiple verticals have had quiet discussions with DAM vendors regarding partnerships and acquisitions for several years now. While customer adoption of the technology has lagged, providers of operations management, security, governance, and compliance have seen the value. DAM may not get a lot of press, but insiders are well-aware of the technology, and it is surprising to me we have not seen an investment of this size, or larger, during the past year.

Still, IBM's presence in this space likely provides a lift to the entire segment. I estimated the DAM market size at $70 to $80 million in 2008, and estimate $85 million for 2009. I base this on a combination of inside information, communication with customers, very chatty former employees of DAM vendors, and some educated guesses. I am excluding assessment and auditing revenue, the latter of which is extremely difficult to quantify. Regardless, it's tiny.

I'm willing to bet IBM can double the size of the market in less than a year. IBM sales has the ability to educate the market in a way that even Fortinet cannot. Meanwhile, Application Security, Imperva, Netezza, Secerno, Sentrigo, and the handful of other vendors -- all lacking an "evangelical sale" where you have to prove your product and the value it provides -- also benefit in terms of visibility, reduced sales cycles, and more customers. As revenues increase, expect further acquisitions of these remaining providers.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...