I think this is a great development for Resilient Systems and its incident-response platform. (I know, but that’s what analysts are calling it.) IBM is an ideal partner for Resilient, and one that I have been quietly hoping would acquire it for over a year now. IBM has a unique combination of security products and services, and an existing organization that will help Resilient immeasurably. It’s a good match.
Last year, Resilient integrated with IBM’s SIEM — that’s Security Event and Incident Management — system, QRadar. My guess is that’s what attracted IBM to us in the first place. Resilient has the platform that makes QRadar actionable. Conversely, QRadar makes Resilient’s platform more powerful. The products are each good separately, but really good together.
And to IBM’s credit, it understood that its customers have all sorts of protection and detection security products — both IBM’s and others — and no single response hub to make sense of it all. This is what Resilient does extremely well, and can now do for IBM’s customers globally.
IBM is one of the largest enterprise security companies in the world. That’s not obvious; the 6,500-person IBM Security organization gets lost in the 390,000-person company. It has $2 billion in annual sales. It has a great reputation with both customers and analysts. And while Resilient is the industry leader in its field and has a great reputation, large companies like to buy from other large companies. Resilient has repeatedly sold to large enterprise customers, but it always takes some convincing. Being part of IBM makes it a safe choice. IBM also has a sales and service force that will allow Resilient to scale quickly. The company could have done it on its own eventually, but it would have taken many years.
It’s a sad reality in tech is that too often — once, unfortunately, in my personal experience — acquisitions don’t work out for either the acquirer or the acquiree. Deals are made in optimism, but the reality is much less rosy.
I don’t think that will happen here. As an acquirer, IBM has a history of effectively integrating the teams and the technologies it acquires. It has bought something like 15 security companies in the past decade — five in the past two years alone — and has (more or less) successfully integrated all of them. It carefully selects the companies it buys, spending a lot of time making sure the integration is successful. I was stunned by the amount of work the people from IBM did over the past two months, analyzing every nook and cranny of Resilient in detail: both to verify what they were buying and to figure out how to successfully integrate it.
IBM is going through a lot of reorganizing right now, but security is one of its big bets. It’s the fastest-growing vendor in the industry. It hired 1,000 security people in 2015. It needs to continue to grow, and Resilient is now a part of that growth.
Finally, IBM is an East Coast company. This may seem like a trivial point, but Resilient Systems is very much a product of the Boston area. I didn’t want Resilient to be a far-flung satellite of a Silicon Valley company. IBM Security is also headquartered in Cambridge, just five T stops away. That’s way better than a seven-hour no-legroom bad-food transcontinental flight away.
Random aside: this will be the third company I will have worked for whose name is no longer an acronym for its longer, original, name.
When I joined Resilient Systems just over two years ago, I assumed that it would eventually be purchased by a large and diversified company. Acquisitions in the security space are hot right now, and I have long believed that security will be subsumed by more general IT services. Surveying the field, IBM was always at the top of my list. Resilient had several suitors who expressed interest in purchasing it, as well as many investors who wanted to put money into the company. This was our best option.
We’re still working out what I’ll be doing at IBM; these months focused more on the company than on me personally. I know they want me to be involved in all of IBM Security. The people I’ll be working with know I’ll continue to blog and write books. (They also know that my website is way more popular than theirs.) They know I’ll continue to talk about politically sensitive topics. They know they won’t be able to edit or constrain my writings and speaking. At least, they say they know it; we’ll see what actually happens. But I’m optimistic. There are other IBM people whose public writings do not represent the views of IBM — so there’s precedent.
All in all, this is great news for Resilient Systems and — I hope — great news for IBM. We’re still exhibiting at the RSA Conference. I’m still serving a curated cocktail at the booth (#1727, South Hall) on Tuesday from 4:00-6:00. We’re still giving away signed copies of Data and Goliath. I’m not sure what sort of new signage we’ll have. No one liked my idea of a large spray-painted “Under New Management” sign nailed to the side of the booth, but I’m still lobbying for that.
EDITED TO ADD (3/17): This is how IBM is positioning us, at least initially.