IBM Buys Into Security

IBM's Recent Deal to acquire Web security software vendor Watchfire is one of those deals that "validate the market"--at least for those companies that haven't been burned by SQL injection, cross-site scripting and other Web security problems.

Until IBM stepped in, the Web application security arena was populated by a handful of small companies, such as Cenzic and SPI Dynamics. Other acquisitions may follow as large vendors look to expand their security portfolios in a market with growth potential.

Contrast IBM's move with Microsoft's purchases of smaller, less-known security companies to integrate into its OneCare and Forefront offerings. IBM purchased ISS and Consul last year and now is acquiring Watchfire, one of the more recognizable names in Web application security. Web app vulnerability scanners have been more and more integrated into the software development lifecycle--indirectly through processes and directly with application hooks and partnerships--for some time, so it makes sense for IBM to make a purchase to solidify the place security has in the application auditing and development process.

From IBM's perspective, the acquisition makes Rational, its software development management product, more attractive by building security auditing into the system. Watchfire also offers Web application vulnerability assessment as a service, which will dovetail nicely with IBM's security services push.