IBM To Add Compliance, IT Management With BigFix Buy


IBM is expanding its security presence with plans to purchase compliance and security management company BigFix. The deal is expected to close some time during the third quarter, subject to regulatory approval and the completion of customary closing conditions.

Emeryville, Calif.-based BigFix, has niches in security compliance and IT management, and the impending acquisition will give IBM a bit more relevance in managing and automating security, executives said.

"We've seen a convergence in the marketplace. With configuration management, security management," said Joe Anthony, director of security, risk and compliance product management for IBM Tivoli Software. "Partners are excited about going in and offering a single point of control."

Specifically, the impending acquisition will also boost IBM's capabilities in the management space with products that consolidate endpoints such as laptops, desktops and servers that manage critical applications for systems lifecycle, vulnerability assessment, energy-efficient computing and configuration and security compliance.

The BigFix acquisition will also allow IBM to make inroads into automating compliance updates. The move will give IBM products that flag IT administrators when corporate PCs, laptops and servers are out of compliance with corporate IT standards or federal, state or commercial regulations. The BigFix portfolio contains products that recommend security fixes and provide software updates, and provide real-time reporting of compliance status, and provide organizations a single view of thousands of computers running in the data center.

"People are very concerned about what types of systems they are using to access devices, and how cleaned and compliant are those individual machines," Anthony said.

Altogether, BigFIx, which will be integrated into the IBM Software Group, has more than 700 customers and 120 channel partners in verticals that include federal, retail, entertainment, health care, education and financial services. Anthony said that IBM hoped to retain all of the BigFix partners.

The BigFix products will be added primarily as standalones to IBM's existing portfolio. However Anthony said that both companies could do some co-sell packages down the road.

"I don't think we're going to try and create super large packages as a result," he said. "The level of granularity was comprehensive enough. We had packages similar in nature with what they brought to market."

In recent years, IBM has made concerted efforts to beef up its presence in the security space, with acquisitions that include Ounce Labs, Internet Security Systems and Watchfire, which have contributed to the company's existing 200 security-related products and security staff of 3,500. The impending BigFix acquisition will be IBM's 11th security acquisition the company has made since 2006.

Meanwhile, IBM is currently developing its product line and trying to gain credibility in the security space against industry giants, such as Symantec and McAfee, which have dominated the market for years.

However, Anthony said that IBM wasn't looking to play in all areas of the security space.

"In different market segments, we are the market leader, he said. "The overall market is very broad, and we'll expand in more areas."