HP Continues Security Push With $1.5B Purchase Of SIEM Vendor ArcSight

Hewlett-Packard is putting money behind its pledge to make IT security a key piece of its growing software business, bidding $1.5 billion for ArcSight, which makes software for security information and event management (SIEM).

ArcSight is the largest independent SIEM vendor, with about 20% market share. HP in August acquired privately held Fortify, a specialist in secure software development.

HP is focusing on four market segments: secure application development (Fortify), security visibility (ArcSight), evaluation (ArcSight), and remediation. The company plans to integrate its network management software, HP OpenView, with its security tools.

Tom Reilly, president and CEO of ArcSight, promises HP's product line will take a "holistic" approach to securing networks, applications, and sensitive data, because "perimeter security is no longer enough." Read that as a shot across the bow of established enterprise security vendors such as Symantec and McAfee, which also offer SIEM in their security suites.

One challenge will be integrating ArcSight into HP's suite while keeping the heterogeneous product support that SIEM requires. Independent SIEM vendors include SenSage and Q1.

In general, SIEM products tend to be too complex, says Mike Rothman, an analyst with Securosis. "If you're just trying to check the compliance box, gather some logs from some of your devices, and run a report, a lot of the tools can do that," Rothman says. "But if you want to get actionable type of information, it's really a journey. It's not a two-week project."