IBM Is Focused on Burgeoning Enterprise Security Requirements

Integration, analytics, services, identity and "C-level" messages

A few years ago, IBM’s information security assets were haphazardly scattered throughout its business units. RACF sat with the mainframe crew, IAM lived within the Tivoli group, and what remained of ISS gathered dust within IBM Global Services (IGS). This chaotic structure went through a rapid transformation in 2011 when former Tivoli GM Danny Sabbah pushed IBM to abandon its non-competitive SIEM product and acquire Q1 Labs, a market leaders. As I understand, then CEO Sam Palmisano agreed to fund the deal, but only if IBM consolidated all of its random products into a specialized security division. As a result of these moves, IBM has gone from information security also-ran to a position of leadership – especially in the large enterprise segment. Why? Market focus at the right time. Enterprise CISOs have come to realize that their existing potpourri of point tools is no match for the sophisticated threat landscape or new IT initiatives like cloud and mobile computing. Furthermore, even the most highly skilled and well-resourced security departments can’t keep up with security fire drills, manual processes, or necessary skills. Yup, enterprise security is rapidly changing and IBM is putting itself in the proverbial catbird seat to capitalize on this ongoing evolution. How? According to Brendan Hannigan, GM of the security division, IBM is: 1. Selling at the “C-level.” While other successful security vendors push better tactical mousetraps, IBM is pitching a new security architecture to CISOs, CIOs, and line-of-business managers. At this level, IBM can push a long-term security strategy rather than the industry default of point products for the security issue Du Jour. Additionally, IBM is aligning security strategy with organizational initiatives and business processes. This is a language that the C-level folks value. 2. Adding professional/managed services to its sales. Hannigan admits that security sales usually contain a services component and that this product/services trend continues to grow. IBM critics will say that this is simply due to the fact that IGS is a huge part of the business so IBM leads with services at all times. This may be true but it is really beside the point. According to ESG research, 62% of enterprises used third-party professional/managed services in 2013. Furthermore, 16% of these firms say that their use of third-party professional/managed services will “increase substantially,” while 42% believe their use of third-party professional/managed services will “increase somewhat.” With the global security skills shortage, this trend isn’t likely to slow so IBM security will remain well positioned. 3. Focusing on integration and ecosystem. IBM’s security vision includes an enterprise architecture with centralized command-and-control for configuration management, policy management, and security monitoring, along with distributed enforcement. As part of its acquisition strategy, IBM looks for piece parts like Fiberlink and Trusteer that can be glued into its architecture. To fill in the remaining gaps, IBM partners with vendors such as Trend Micro (endpoint antivirus). 4. Leveraging its corporate assets. IBM Corporation grabbed a laundry list of data analytics companies over the past few years such as i2 Limited, Netezza, SPSS, and StoredIQ. The security division is already integrating these assets into Q Radar, IBM security intelligence with big data, X-force security intelligence, and professional services. This gives IBM a leadership seat at the big data security analytics table. 5. Adding identity to the mix. While most of its enterprise security competitors dabble in identity, IBM is a market leader. As identity changes and becomes a more integrated piece of the security architecture, IBM will push its portfolio to its advantage. In spite of its broad portfolio, IBM is in no position to become all security things to all people. For example, IBM won’t jump into the AV game (although it will likely use Trusteer to compete with the likes of Bromium, Invincea, and Sourcefire on endpoint anti-malware). Additionally, IBM will likely eschew the next-generation firewall market entirely. Finally, in spite of the fact that IBM has revamped its GX series of IPS (formerly ISS), it won’t go head-to-head with Cisco, Juniper, HP, or McAfee in this market. Nope, IBM is not trying to go toe-to-toe with Check Point or Symantec, but its enterprise chops, services, and growing security portfolio of products is sure to disrupt the enterprise security landscape. Many vendors in the security market mock IBM’s ability to innovate or move quickly. Maybe, but CISOs (i.e. the customers) like what they see so far and that’s what really matters.

New! Download the State of Cybercrime 2017 report