IBM Security plans to acquire private cybersecurity firm Resilient Systems, the computing giant said, as part of a move to expand its role in the incident response market. The sale comes amid a consolidation in the cyber sector and a decline in valuations of public and private cyber firms. Some investors believe the companies were overvalued after a host of headline-grabbing hacks against the U.S. government and major corporations increased interest in the market.
Terms of the deal were not disclosed. The acquisition is being announced during the RSA security conference in San Francisco and expected to close later this year subject to regulatory review. IBM said it intends to retain the roughly 100 employees working at Resilient Systems, including Chief Executive Officer John Bruce, a former vice president at Symantec and Chief Technology Officer Bruce Schneier, a prominent cryptographer, security blogger and author. “Our intent is all these guys are going to come on board,” said Marc van Zadelhoff, general manager of IBM Security, told Reuters. “You acquire technology, but you really want to acquire people.”
Known as Co3 Systems when it was founded in 2010, Resilient Systems has become a leading player in the high-demand field of incident response by helping private and government customers prepare for, detect and mitigate cyber breaches, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. Incident response is “hot in the market,” Oltsik said. “Customers are spending a lot of money on cybersecurity to address their shortcomings.” The acquisition comes against the backdrop of a U.S. cybersecurity market slogging through a funding slump, forcing some startups to sell themselves or cut spending.
IBM also said, it is creating X-Force Incident Response Services, which will leverage Resilient Systems’ technology and talent to help clients identify and respond to cyber threats. The X-Force service will also rely on a new partnership with cyber firm Carbon Black, which IBM said will help its analysts conduct security forensics on compromised endpoint devices and discover where a breach first occurred.