Learn about Sony Vaio for Business
IBM has purchased Ounce Labs, a privately held software security provider, the companies said Tuesday.
Software developers often face both security and compliance issues with their products. Ounce Labs uses its technology to scan the source code of an application, hunting for security holes and compliance failures. Ounce tries to track down problems early on in a product's development when they're easier and cheaper to fix.
IBM will integrate Waltham, Mass.-based Ounce Labs into its Rational software business, which offers security and compliance testing. Big Blue said it believes that the combination of Ounce Labs and Rational will provide its customers with security analysis from source code to final production.
"The complexity of today's systems and the sophistication of attacks require comprehensive technology," said Daniel Sabbah, general manager of IBM Rational Software. "The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security-testing solution for managing security and compliance across all stages of the software delivery process."
Ounce Labs, which was founded in 2002, recently sponsored a survey that showed many CEOs and their executive officers don't necessarily see eye to eye on key security issues.
Big Blue is in a buying mood. Ounce Labs is IBM's second acquisition deal of the day, with the company just announcing that it will acquire business analytics forecaster SPSS for $1.2 billion.
The terms of the Ounce Labs acquisition were not disclosed.
Cisco System's Security Monitoring for Threat Identification, Mitigation, and Compliance (aka MARS) product is the company's offering for security and compliance management, competing with the likes of ArcSight, RSA Security, and Symantec. The MARS product came via Cisco's acquisition of Protego for $65 million in December 2004.
Through 2005 and 2006, Cisco pushed this product into end-user accounts through an aggressive scorched-earth effort. Cisco intended to get the product out into the market quickly, establish a base, and then continually add product enhancements over time. This seems to be where the strategy hit a speed bump.
The product languished behind competitive offerings, causing problems with the installed base. This opened the door for aggressive competitors: Enterasys, Juniper, and Nortel established partnerships with Q1 Labs in a direct attack on MARS. Log management vendors like LogLogic and LogRhythm out-flanked Cisco with incremental products. Worst of all, some Cisco sales executives and channel partners eschewed MARS in favor of more popular Cisco products. When you have a portfolio of hundreds of products, it is easy to lead with your best stuff and never mention those in the doghouse.
This brings up a reasonable question: What should Cisco do with MARS? As I see it, Cisco has three choices:
Admit defeat and get out. Cisco could bury MARS and partner with others in the industry. GE would take this route but I can't imagine that Cisco will.
Double down on MARS development. MARS 6.0 was released earlier this year and it did move the ball forward but the product remains way behind others in the market. Management software has always been a bit of an Achilles' heel for Cisco.
Replace MARS with another acquisition. There are plenty available at bargain prices. Cisco could bid on publicly traded ArcSight, grab a legacy Security Information Management vendor like Intellitactics or NetForensics, pick up a log management player, or take a chance on a wildcard like Nitro or Splunk.
CA on Tuesday announced it acquired identity management company IDFocus.
With the acquisition, CA plans to use IDFocus' Ace identity management technology to provide employees with multiple authorizations in their company's employee resource planning (ERP) system to automatically have those authorizations checked against the information they are seeking or the task they're trying to conduct.
Specifically, the CA Identity Manager aims to give employees various authorizations, then run a check against the segregation of duties (SOD) policies set up in the IDFocus software. If a policy has been violated, the CA Identity Manager is designed to kick in and prevent the employee from accessing the information or performing the attempted task.
"This acquisition strengthens CA's ability to continually enhance critical elements of CA's Identity and Access Management suite," Dave Hansen, CA Security Management general manager, said in a statement.
Terms of the sale were not disclosed.
- prev
- 1
- next
