Founded in Israel, the Boston-based firm was started in 2002 and has about 60 employees. The deal was reported Friday in the Israeli financial newspaper TheMarker.
Guardium's SQL Guard appliance monitors and manages connections to and from a wide variety of enterprise database products. The company's line of Linux-based appliances ensures a system of checks and balances between the security and database engineering teams by bypassing native database logging features.
The database activity monitoring (DAM) software hosted on the appliance consists of local database agents, network-based appliances to passively gather traffic or to actively work as a firewall, and aggregation servers that collect and analyze data. Guardium is a subsidiary of Israel's Log-On Software.
Database activity auditing and monitoring technologies give companies reports from vast amounts of activity logs collected daily. In addition to Guardium, other vendors include Application Security Inc., Embarcadero Technologies Inc., Imperva Inc., IPLocks Inc., Lumigent Technologies Inc., Sentrigo Inc. and Symantec Corp.
Adrian Lane, an independent consultant at Securosis, a security practice based in Phoenix, Ariz., said the economy has created opportunities for large vendors to acquire smaller start-ups. The DAM market has been undergoing consolidation, he said. Data warehouse and analytics vendor Netezza Corp. acquired Tizor Systems Inc. in March. Last year, database monitoring vendor RippleTech Inc. was acquired by security incident and event management (SIEM) and intrusion prevention system (IPS) company NitroSecurity Inc.
In an interview with SearchSecurity.com, Lane said he expects further consolidation as many of the companies have reached their full revenue potential within the market.
"There are other companies out there interested in the technology, but it depends whether or not the remaining vendors meet their architecture and feature requirements," Lane said. "This market is mature with vendors offering a broad range of compliance and security policies built-in. They've proven they can integrate within workflow and trouble ticketing systems."
Lane said Guardium may have been attractive to IBM because it is one of the only firms that supports mainframe monitoring. The price Big Blue paid -- $225 million -- is surprising and could reflect that it was bidding against other competitors, he said.