Hewlett-Packard Co. Monday announced plans to acquire ArcSight Inc. for about $1.5 billion, adding the company's security information event management (SIEM) capabilities to HP's IT management software portfolio.
ArcSight's technology is strong and there's obvious integration opportunities down the road with HP's broad portfolio.
vice presidentGartner Inc.
HP said it expected the deal to close by the end of the year.
Cupertino, Calif.-based ArcSight provides both event management and log management capabilities in its ArcSight Enterprise Security Manager and ArcSight Logger appliances and software. It has broadened its event correlation capabilities, connecting to third-party vulnerability data to provide threat analysis and reporting capabilities for compliance.
In a conference call with analysts, Bill Veghte, executive vice president, software and solutions at HP, said integrating ArcSight's correlation event engine into HP's IT operations infrastructure and management software will provide customers with greater visibility of security events in their environment.
"ArcSight combined with HP's IT management software will give enterprises the broadest view of anything going on in the enterprise than any other software out there today," Veghte said. "Our new approach is where security and IT operations are converged, not siloed … The approach is holistic and proactive."
SIEM technology collects and analyzes activity data to determine the overall health of a network. The market has been driven upwards by compliance initiatives and dozens of vendors are competing with SIEM appliances and software.
The acquisition pits HP against other large IT management players, including IBM, CA Inc. and RSA, the security division of EMC Corp. Mark Nicolett, vice president at Stamford, Conn.-based research firm Gartner Inc. said he doesn't expect the acquisition to shake up the SIEM market.
"HP is making a very strong entry into the market with this acquisition; they're being very aggressive," Nicolett said. "ArcSight's technology is strong and there's obvious integration opportunities down the road with HP's broad portfolio."
With few differences between vendors, HP may have paid a steep price, buying the largest maker of SIEM software, to gain entry into the market, said John Kindervag, a senior analyst at Cambridge, Mass.-based Forrester Research Inc.
"HP bought the Cadillac of the business; they're getting leather seats instead of cloth seats," Kindervag said. "I suspect that they paid an awful lot of money compared to what they're going to get out of it in the end. With $1.5 billion, HP could have built the world's best product from the ground up."
ArcSight's market share, though large, was also declining in a market that is relatively small, about $1 billion, Kindervag said, adding that the acquisition could open up the marketplace for other players. In addition to Arcsight Inc., other established names include Intellitactics Inc., LogLogic Inc., NetForensics Inc., NetIQ Corp., Novell Inc., Q1 Labs, Sensage Inc., Symantec Corp. and TriGeo Network Security Inc. In February, TripWire Inc. announced it was getting into the SIEM business.
"There's been a low barrier to entry into this space, so with a lot of vendors getting into it, the pieces of the pie are pretty slim," Kindervag said.
In addition to increasing visibility, HP's Veghte said ArcSight's software compliments HP's software for IT operations by being able to detect and correlate events in real time and enable IT professionals to take appropriate action.
Veghte said HP is also looking to tap into ArcSight's strong market position among Fortune 100 and Fortune 1,000 companies with its sales and services teams. ArcSight's large customer base, especially with government sector, compliments HP's professional services business.
"We see a market that needs a proactive, holistic new approach to security and compliance and this announces our intent to be a leader in delivering that capability," Veghte said.
In a statement, Tom Reilly, president and chief executive officer of ArcSight, said the acquisition will modernize the way enterprises do security.
" By combining ArcSight's Enterprise Threat and Risk Management Platform with HP's breadth of application development and operations management solutions," Reilly said, "HP will be able to offer an integrated security platform that delivers broader visibility, deeper context and faster remediation of enterprise-wide security and risk-related events. In a world where perimeter security is no longer enough, businesses need this holistic approach to securing their networks, applications and sensitive data."