C-level briefing: What IBM’s incident response acquisition tells us about its cyber security plans.
2016 has seen so many acquisitions in the cyber security space that it would be easy to miss the potential significance of the early April buy-out of incident response company Resilient.
The buy-out, the financial details of which were not disclosed, slots Resilient’s response technologies fairly comfortably into IBM’s existing portfolio.
There was no overlap, according to Resilient CEO John Bruce, since Resilient’s core capability is not one that IBM had built. Or, in fact, any other provider, Bruce argues.
With most existing solutions, Bruce says, after a cyber attack "some individual is handed an alert and told to go and figure it out and take care of it.
"Individuals are left pretty much to their own devices and have no go-to technology to manage all of this stuff," he says.
Resilient essentially takes the alerts from a range of different vendors, including but not limited to IBM, and translates them into the steps that the practitioner now needs to take. It instructs them through the process of responding to the alert.
Founded five years ago, Resilient has more than 100 global customers, including 30 of the Fortune 500 and partners in more than 20 countries.
For its part, IBM launched a new incident response service on the back of the acquisition, Alongside the acquisition announcement, the IBM X-Force Incident Response Services. This helps clients plan for, manage and respond to cyber-attacks.
The platform will be foundational for these services, combined with IBM’s QRadar Security Intelligence Platform. IBM’s overall portfolio will also be integrated with Resilient’s technology.
As for Resilient, eight weeks on from the acquisition and Bruce says that the company has had a record quarter for sales and morale is very high.
"It is going way better than I expected and per their expectations. If my expectations were realised I’d have been happy, but they’ve been exceeded so I’m very happy."
With increased funding, the company has been able to hire a record number of new employees in the last month.
This is no surprise to Bruce, he says, since the companies had extensively worked together for two years before the sale.
"They had a healthy understanding of the product because they were already a customer, and they knew of us through their own customers," he says. "There was already an intimate relationship between our and their product people.
"In a lot of ways it wasn’t like a marriage of two strangers, it was much more like we’d been dating for a while."
Bruce says that his team had been warned in advance about the scale and size of the company.
"450,000 employees is a big company," he says.
However, Resilient was encouraged to consider the positives, which included increased interest in the market and more customers.
"When we were a small private company and we called a big corporation, they were sceptical and hesitant. Now that we’ve got an IBM logo on the product all of that is gone.
"People want to work with us," he says.
This takes us up to the present, but what about the future?
Resilient is continuing to produce new products, with version 26 of its product being demoed at this year’s Infosecurity Europe conference.
But Bruce is most excited about the innovation potential in the two companies working together.
Most of all, he has his eye on IBM’s cognitive computing technology, Watson.
"Watson has been hugely successful in the healthcare space because it’s an AI that works," says Bruce. "Watson for security when applied alongside Resilient will be quite something."
What does this mean in practice? This is what Bruce is really excited about.
"Watson is an uber-AI, and when you think about the challenges that a respondent faces, we can help them by things like spatial representation of an attack.
"Better yet, we can give them help in the form of an uber-expert: a thinker like Watson that can dive into that universe of things that the individual would otherwise have to digest and figure out what’s best to be done."
For now, the buy allows IBM to provide a complete security solution across the three main categories of prevention, detection and response. Time will tell if other big vendors follow its example.