Security Strategy, Plan, Budget

IBM keeps mind on security with Watchfire buy

Filling a gap in its growing security portfolio, software giant IBM today announced plans to acquire leading application security vendor Watchfire for an undisclosed amount.

Solutions from the Waltham, Mass.-based Watchfire will "extend IBM's governance and risk management strategy, with broad security and compliance capabilities integrated into the software development lifecycle," according to a statement released today. Watchfire operations will join IBM's Rational software brand.

"Watchfire is a recognized industry leader in the security and compliance market that will further strengthen our ability to help customers mitigate risk by integrating security, quality testing and compliance testing requirements early in the software development process — before vulnerabilities are exposed," Danny Sabbah, general manager of IBM Rational Software, said in the statement.

Sabbah said today on a conference call that the market for security vulnerability scanning tools are one of the IT security space's fastest growing segments.

"It's checking to make sure you're not being cavalier with customer data," he said, adding that Watchfire solutions not only are designed to achieve security but also compliance.

Mandeep Khera, vice president of marketing for Cenzic, a competitor of Watchfire, said seven out of 10 applications are vulnerable to attack. The purchase of Watchfire by powerhouse IBM "validates the market, big time," he said.

"Most of the (hacker) attacks are happening at the application layer," Khera said.

IBM said Watchfire, whose product line includes the AppScan web application security testing suite, also will complement Big Blue's Tivoli identity management solutions and its network security offerings from the Internet Security Systems (ISS) division.

"Web application attacks can expose high-value data such as personal information, customer records and corporate intellectual property," Peter McKay, Watchfire president and CEO, said in the statement.

IBM's last big security buy occurred last August when it picked up ISS for $1.3 billion. It also snared Consul risk management in December.

IBM clearly is positioning itself to be a major player in security, Sabbah said during the call.

"One of the reasons why we're making such a concerted push into this particular (security) arena is because it's top of mind (at organizations)," he said.

He added that the purchase will help 11-year-old Watchfire, with about 800 existing customers, to penetrate the global market. McKay said during the call that about 85 percent of company revenue is generated from North American sales.

Get more IT security news. Click here for SC Magazine Blogs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.