Is HP Re-Entering the IAM Space?

Tweet

 

The recent acquisition of ArcSight by HP for $1.5B announced this past Monday inspired me to write this blog article (writer’s block is a thing of the past with all of these announcements).  It is exciting to see all of this activity in the information security industry, particularly after an intense prior week in the strong authentication arena.

ArcSight’s acquisition is particularly interesting for a number of reasons. Beyond ArcSight’s remarkable double-digit growth - despite the slow economy - and unquestioned leadership in the Security Information Event Monitoring (SIEM) space, I am particularly intrigued by the strategic significance that this acquisition will have for HP.

ArcSight’s core strength is SIEM proper, and in this area it has set the pace for innovation and quality.   This is not surprising, given ArcSight’s discipline and strong commitment to R&D.  ArcSight’s vision and execution goes beyond SIEM, and into more business aligned value propositions, such as fraud prevention and identity activity monitoring. The latter was of particular interest to Identropy, and the reason why we decided to partner with ArcSight

We wholeheartedly believe that executing on this vision and continuing the evolution of traditional SIEMs into other areas, intersecting with Identity and Access Management (IAM), is a trajectory that should continue, and moreover accelerate, since it addresses heartfelt pain points for organizations; particularly those, that due to their size and transaction volume, are looking for ways to effectively mitigate risks (such as internal attacks and fraud).  Only through this level of sophistication and integration can organizations make a dent in increasing visibility on what is happening in their IT environment, and preventing incidents that would otherwise go unnoticed. The nature, sophistication, and complexity of attacks nowadays far exceeds the capacity of humans to stay on top of all potential security exposures, and it is only with effective automation that organizations can maintain an effective security posture and reduce exposure and damage to the organization.

Food for Thought

HP’s acquisition raises some interesting thoughts:

• Will ArcSight, now under HP, continue investing in R&D at least at the same pace as it has done before the acquisition?  Given HP trends towards shrinking R&D investment, one would have reasons to be concerned.
• Will HP look tactically at the booming SIEM market, and focus mainly in growing its revenue in this space, rather than continuing the evolution into fraud prevention and identity activity monitoring?  Only time will tell.  It is clear ArcSight is a different animal for HP, and will force HP to adjust its sales models to make security and risk mitigation a top agenda item.  But this is not an easy task, and HP has had some false starts in this area; particularly as HP divested its Identity business in 2008 after a series of acquisitions: TruLogica in 2004 and Trustgenix in 2005.  Clearly, the investment HP has made in ArcSight dwarfs the combined investment they made in IAM in the past. The magnitude of this transaction makes it more strategic for HP, and hence the follow through in execution is expected to be at par with the price tag.
• I predict that, in the very short term, HP will become one of the most aggressive MSSPs in the market, by coupling the ArcSight technology, its very-successful co-sourced SOC service model and HP’s infrastructure as an IT service provider, enhanced with EDS (now HP Enterprise Services) resources, and HP’s existing security infrastructure solutions: HP Tipping Point Intrusion Prevention System and Security Management System.  This is an almost natural play.  The interesting question is whether this is a first step towards becoming a Managed Identity Service Provider or MISP (as defined here), which no doubt, HP would be in prime position for.  This move will evidently sever some of the relationships that ArcSight had with MSSPs, such as Dimension Data, but the MSSP market is large enough to leave room for some “coopetition”.
• And of course, this last argument begs the question?  Does this mean that HP will re-enter the IAM space after its failed first foray?
• In my view, this acquisition further distances HP from Oracle. Given the recent friction between the two companies, and the fact that Oracle was tooted to be one of ArcSight’s suitors.

The integration of ArcSight with HP will take some time to simmer, and it will be a while before some of these questions get answered.

We live in exciting times, no doubt.

The way things are going, my next blog article will focus on another exciting acquisition; the only question is who?