Over the past few years, a number of independent Security Information and Event Management (SIEM) vendors were acquired by bigger players. In late 2010, HP scooped up market leader ArcSight for $1.5 billion. Last year, McAfee purchased Nitro Security while IBM acquired Q1 Labs.
In each of these deals, large vendors were using these acquisitions to bolster existing security offerings, replace legacy SIEM platforms, or fill holes in their portfolios to grow their security businesses. Kind of like your local general contractor buying a few new Chevy vans and some extension ladders.
This consistent pattern is what makes Tibco's acquisition of LogLogic this past April so fascinating. Tibco isn't a security technology vendor at all but rather describes itself as "a provider of infrastructure software for companies to use on-premise or as part of cloud computing environments." Hmm, so did the folks at Tibco suffer from temporary insanity when they grabbed LogLogic? Not at all. In fact, this deal really demonstrates some vision on Tibco's part. The deal makes a ton of sense because:
- Security management is moving toward an enterprise software architecture. In the past, threat management, risk management, and SIEM tools tended to be deployed and operated independently. Given today's threat landscape, IT complexity, and security requirements, however, the existing army of discrete point tools is no longer adequate for large enterprises. What's needed? Tight integration between centralized command-and-control, distributed enforcement technologies, intelligence-gathering sensors, and real-time situational awareness. In other words, security technologies need to be tightly integrated together with a common software infrastructure in order to exchange application-layer messages across the enterprise -- exactly what Tibco provides.
- Security = big data analytics. Large organizations are collecting, processing, and analyzing a growing mountain of data -- logs, events, packet capture, etc. This type of scaling requirement is simply beyond the scope of many security-focused SIEM tools and security vendors but it is a core skill set for Tibco.
- Security intelligence extends to the cloud. As large organizations embrace SaaS in lieu of internal applications or burst processing capacity to the cloud, security intelligence must come along for the ride. Tibco is well down this road at the business application level giving it the cloud integration chops to apply to burgeoning cloud security integration requirements.
Given this emerging sophisticated security software architecture, the list of potential competitors here is pretty thin. IBM can match Tibco in terms of software integration technologies, enterprise software architecture skills, and a leading SIEM platform. HP, McAfee, and RSA don't have the wealth of software integration assets but these vendors understand enterprise requirements, have strong security portfolios, and are headed in the right direction. That's about it.
The risk here is that, in spite of all of Tibco's strengths, information security is simply too foreign and doesn't align with core Tibco skills and execution. Maybe, but you have to give the folks at Tibco kudos for recognizing a tangential and potentially lucrative opportunity and having the chutzpah to jump into next-generation security intelligence with both feet.