Network Computingwww.networkcomputing.com

IBM Acquires Security Vendor Watchfire

Posted by NWC News Desk on June 7, 2007

This is one of those deals that "validate the market"--at least for those companies that haven't been burned by SQL injection, cross-site scripting and other Web security problems. Until IBM stepped in, the Web application security space was populated by a handful of small companies such as SPI Dynamics and Cenzic. Other acquisitions may follow as large vendors look to expand their security portfolios in a market with good growth potential. From IBM's perspective, the acquisition makes Rational, its software development management product, more attractive by building security auditing into the system. Watchfire also offers Web application vulnerability assessment as a service, which will dovetail nicely with IBM's security services push. Andrew Conry-Murray NWC New Products & Business Editor To supplement Andrew's spot-on comments, IBM's definitely showing they're not afraid to spend what it takes to start at the top of a market. Contrast that with Microsoft's purchases of smaller, less- known security companies to integrate into their OneCare and Forefront offerings. IBM purchased ISS and Consul last year, and now Watchfire, which is one of the more recognizable names in Web application security. Web application vulnerability scanners have been more and more integrated into the software development lifecycle--indirectly through processes, and directly with application hooks and partnerships--for some time, so it makes sense for IBM to make a purchase to solidify the place security has in the application auditing and development process. Jordan Wiens NWC Contributing Editor

IBM this week said it as agreed to acquire security software vendor Watchfire. Terms of the deal were not disclosed.

Watchfire provides Web application security and compliance testing solutions. Watchfire and IBM Rational are already business partners, and IBM said it would use Watchfire's technology to extend its existing governance and risk management products.

Watchfire, working in conjunction IBM Rational software, will help customers integrate Web application security and compliance early on and throughout the software development process--enabling customers to define, test, and track security compliance.

Watchfire has more than 800 customers in many industries, including financial services, government, technology, pharmaceutical, energy and utilities, education and manufacturing.

Watchfire's operations will become part of IBM's Rational software brand, IBM said.

RELATED LINKS Strategic Security: Web Applications Scanners Review: Automated Code Scanners With our developer hats on, we tested three source-code analyzers, evaluating language and platform support, usability and customization. Find out which one stood out from the others--thanks to its broadest range of technology support across the board.