IBM buys database security firm Guardium

Analyst: Deal could spur roll up in the database activity monitoring space

IBM has acquired database security vendor Guardium, it said Monday, confirming earlier reports. Terms of the deal were not disclosed.

Guardium makes technology for provides real-time monitoring of database activity, allowing companies to detect fraud, outside attacks and other illegal activities. The privately held Waltham, Massachusetts, company has about 150 employees and 400 customers, according to CEO Ram Metser. Its products will be rolled into IBM's sprawling Information on Demand product portfolio.

2009's hottest tech M&A deals

Guardium and its competitor Imperva have been the subject of acquisition rumors for more than a year, according to Adrian Lane, an analyst with Securosis.

"Guardium is one of the only firms still standing with a mainframe monitoring solution, which is a major prerequisite for much of IBM's customer base. From the IBM perspective, the functionality makes sense and fits well into some of their existing security products," he wrote in a blog post Monday. "From an architectural standpoint, integration (as opposed to just sharing data and events) will be a challenge."

Currently, Guardium's software supports a wide range of database platforms and IBM has no plans to change that, given the heterogenous nature of its customers' IT environments, according to Arvind Krishna, general manager in the IBM Information Management division.

"We have to be able to support them, and only expect to add [more platform support] over time," Krishna said during a conference call.

Meanwhile, the deal leaves other vendors in the space "a little more valuable," Lane said in his blog post. "There remain a lot of firms like EMC, McAfee, Oracle, Symantec, and others who would really benefit from gaining DAM technology, so I expect additional acquisitions in the next 6 months."

Such a roll up could "spell great news in the coming years, in the form of increased quality, better-integrated server agents and one-stop shopping -- not to mention the rapidly increasing possibility to think of database vendors as being part of the solution when firms move to establish enterprise-wide data security (or anti-data-loss) programs," said Nick Selby, managing director of security consultancy Trident Risk Management.

(Robert McMillan in San Francisco contributed to this report.)

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies