HP has announced plans to acquire software security and compliance solutions provider ArcSight for US$1.5 billion, the second blockbuster security deal in less than a month.
With the buy, expected to close by the end of the year, HP gains ArcSight's security information and event management (SIEM) portfolio, used by customers to analyse and correlate events occurring across an organisation — such as login, logoff, file access and database queries — with the goal of prioritising security risks and compliance violations.
The acquisition of ArcSight enables HP, the world's largest PC maker, to provide customers with increased monitoring and management of events happening across their IT operation, Bill Veghte, HP's executive vice president of software and solutions, told SCMagazineUS.com. Gaining that visibility lets organisations build stronger applications, reduce risk and meet compliance demands.
HP believes a "holistic" approach to security is necessary because enterprises today must provide employees, partners and customers with greater access to data, Veghte said. At the same time, however, they face escalating threats, increased complexity and greater regulatory challenges.
Tom Reilly, president and chief executive officer of ArcSight, told SCMagazineUS.com that the deal offers synergy.
“We believe that you can no longer solely rely on perimeter security,” he said. “Our strategy is to go beyond, and look more holistically across the environment and have a complete view of who and what is on your network and compare it against policies.”
For a number of years, HP has been partnering with SenSage to sell SIEM technology, Mark Nicolett, vice president and distinguished analyst at Gartner, told SCMagazineUS.com. HP's current SIEM offering is part of its Compliance Log Warehouse product.
“HP is no stranger to the space, but didn't have their own technology, so from that standpoint, the acquisition makes sense,” Nicolett said. “They bought the strongest vendor in the space so it's a definitive move.”
Driven by regulations such as the Payment Card Industry Data Security Standard and Sarbanes–Oxley, SIEM has become a go-to technology for security and compliance, Nicolett said. It helps organisations recognize events, monitor privileged users and discover breaches.
“It's a core security capability,” Nicolett said. “If you can't be perfect at managing, administering and protecting an environment, the secondary capability is to keep a close eye on things and find things that have gone wrong, and that's what this technology allows you to do.”
The HP-ArcSight deal signals the continued trend of general IT players gobbling up security-focused companies. Last month, chip giant Intel bought McAfee in a blockbuster US$7.7 billion deal.
"All of these deals have a common theme," wrote Andrew Jaquith, senior analyst at Forrester Research, in a blog post. "The acquisition targets are all leaders in their respective markets. That is because we are at the point in the market cycle where the larger potential acquirers have enough cash in the bank to buy top-shelf companies. There is not a lot of bottom-fishing going on. Why have catfish when you can have caviar?"
Scott Crawford, research director of security and risk management at analyst and consulting firm Enterprise Management Associates, told SCMagazineUS.com that security is a fundamental part of IT management, so it “makes perfect sense” that major enterprise IT vendors would align security with their platforms.
“Major vendors are in a reasonably healthy cash position, and there are opportunities to find favorable deals in a challenging economy,” Crawford said.
Mike Rothman, president of research firm Securosis, said there are rumors that Symantec, Check Point or Trend Micro could be next.
“Before they were pretty much the predators — McAfee, Symantec, ArcSight, Check Point,” Rothman said. “Now these guys have become targets."
“It will be interesting to watch but I don't expect that much more activity for the rest of the year."
HP itself has been on a buying spree of late, coinciding with the CEO Mark Hurd's abrupt departure last month amid sexual harassment allegations.
HP won a bidding war with Dell to purchase storage vendor 3PAR for $2.4 billion in cash, and also recently acquired Fortify Software, a maker of application security solutions.
Rothman said he worries innovation at ArcSight could suffer, especially in the near term, as a result of the change.
“A lot of big companies have screwed up stable, innovative companies with acquisitions,” he said. “They get lost within the behemoth.”
See original article on scmagazineus.com
