Security management is hot again. Just as I was blogging about McAfee\/Nitro Security, IBM announced that it had acquired Watham, MA-based Q1 Labs. From a corporate perspective, IBM deserves a lot of credit. IBM had its own Tivoli security platform back in the early 2000s which was replaced by GuardedNet when IBM bought Micromuse. Neither of these security management tools caught on in the market. Rather than throw good money after bad, IBM decided to replace its security management software with a market leader in Q1 Labs. It takes guts to make a decision like this.Q1 Labs is an old-fashioned IT startup success story. Unlike the flash-in-the-pan 1990s firms, Q1 Labs raised money, built a team, and then steadily enhanced its software annually. Early on the company was considered a Network Behavior Anomaly Detection (NBAD) also-ran, competing with Arbor Networks, Intrusic, Lancope, and Mazu. It then added SIM capabilities, targeted network security, and positioned itself as an alternative to Cisco MARS. Q1 Labs then partnerned with networking leaders like Enterasys, Juniper, and Nortel for distribution. While Q1 Labs made incremental progress, many of its competitors faded away and over the last few years, it gained a leadership position. Q1 Labs is the ultimate Horatio Alger meets IT story.A few additional thoughts on what IBM and Q1 Labs means:1. While IBM's security story isn't garnering a lot of headlines, the company has built a very strong portfolio of professional services, managed services, hardware appliances, and software. IBM can also take an identity-based approach to security using its Tivoli Access Manager (TAM) and Tivoli Identity Manager (TIM) suites. IBM may have the broadest portfolio around.2. IBM understands that next-generation enterprise security must be based upon a software architecture. This means individual security applications connected via application services based upon secure SOA, message oriented middleware, web services, etc. Yes, IBM is fully capabile of building this architecture and opening it to all security applications, but the real business opportunity is offering the security software architecture AND the applications. By purchasing Q1 Labs, it is poised to accomplish this.3. Next-generation security management will require much more adept analytics then SIEM event filtering and correlation. IBM will combine Q1 Labs with its deep analytics from acquired companies like Cognos, i2, and SPSS. Watson can win and Jeopardy but IBM believes that analyzing application flows, URL connections, and user behavior for security forensics will lead to a bigger payoff.A few years ago I attended IBM's management show (IBM Pulse) in Las Vegas. I had the pleasure of meeting then head of IBM Tivoli, Al Zollar, at one of the receptions. When Mr. Zollar asked me what I thought of the event, I mentioned that I liked IBM's "smarter planet" push, but as a security professional it scared the heck out of me. I went on to say that initiatives like "smart grid" make economic sense but they also create much bigger vulnerabilities and potential targets. I thought that IBM should balance its "smarter planet" momentum with a "secure smarter planet" initiative. Mr. Zollar agreed and actually pointed me toward a number of existing IBM resources that reinforced IBM's commitment to security. I suddenly came to the realization, 'IBM gets it.' Since this cocktail hour conversation many years ago, IBM has really demonstrated its willingness to commit people, money, and time to security and is now poised to capitalize on this investment. Q1 Labs is simply the icing on the cake.