RealTime IT News

Where There's IBM, There's Watchfire

UPDATED: IBM  today agreed to buy security and compliance testing software vendor Watchfire for an undisclosed sum.

Waltham, Mass.-based Watchfire makes AppScan, a security vulnerability testing suite that lets users identify potential security risks in applications.

The product is designed to help fend off such attacks at the application layer as SQL injections, which are becoming increasingly more common because intruders are slipping past firewalls to sniff out corporate data. Such breaches can lead to major data and or financial losses.

IBM plans to integrate the Watchfire assets into its Rational software line, which guides applications through the software development lifecycle.

With AppScan, programmers using the Rational Software Delivery Platform will be able to conduct security and compliance testing early in the software development process, allowing them to safely define and track the compliance of their applications. This lets companies preserve the integrity of their applications before they go live.

IBM Rational Software General Manager Danny Sabbah said on a conference call the deal fulfills a critical requirement of software development and delivery -- security and compliance testing.

"With online security and privacy incidents on the rise, security breaches and lack of compliance with industry and government regulations can diminish business integrity and customer trust, not to mention the serious financial implications for many organizations," Sabbah said.

"Watchfire technology, together with IBM, will help customers reduce these security risks and the associated costs to their business."

Sabbah also said the deal will bring together two market-share leaders, according to research from Gartner: IBM in application development and Watchfire in security vulnerability scanners.

The purchase builds on the existing relationship between the two companies, as Watchfire is an IBM Rational software business partner. In this capacity, Watchfire validated the integration of their offerings to the IBM Rational Software Delivery Platform.

Buying Watchfire will also grant IBM access to more than 800 customers in financial services, government, pharmaceutical and energy and utilities.

The deal also takes out one of the three main Web application security startups, the other two being SPI Dynamics and Cenzic. SPI earlier this year revamped its architecture and WebInspect product to get in touch with Web 2.0 apps.

Sabbah said Watchfire's 189 employees, including CEO Peter McKay and CTO Mike Weider, will join IBM.

The deal, expected to close in the third quarter, is no surprise; IBM has been avidly building up its security offerings through the development of its Tivoli identity, access and compliance software.

Big Blue took a major step to bolster its security stack when it bought security appliance and services provider Internet Security Systems for $1.3 billion last year.