Strong compliance biz behind HP's ArcSight buy

Continuing the spate of security consolidation moves, technology giant HP looks set to build a 'cradle to grave' solution for security regulations

Hewlett-Packard's announcement on Monday that it would be acquiring security monitoring firm ArcSight comes as no surprise to industry watchers.

For a number of weeks, acquisition rumors have surrounded ArcSight, the largest maker of systems for monitoring and analyzing security information and network attacks. The company and its competitors -- security giant RSA and such boutique firms as Q1 Labs and LogLogic -- have had strong business even during these poor economic times, making them valuable targets for purchasers.

[ Also on InfoWorld: "HP to buy ArcSight for $1.5 billion. " | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter.| And get the spin on key tech news that you'll find nowhere else at InfoWorld's Tech Watch blog. ]

Companies' need for systems that help them comply with regulations is the primary driver in the market, and HP is looking to expand into that market, said Andrew Hay, senior analyst with the 451 Group's enterprise security practice.

"Cradle-to-grave security and compliance is what HP is talking about doing," Hay said. "It's definitely the business driver for a lot of companies in the sector."

Approximately, 70 to 80 percent of log management and security-information-and-event-monitoring (SIEM) system sales are driven by compliance, Hay said.

The news that HP will buy ArcSight for $1.5 billion is good for both companies. ArcSight's competitors had started chipping away at the company's market share, so the company will likely be able to do more as part of a larger corporation's portfolio. The acquisition will also help HP offer security products and services from code creation through network monitoring and analysis of security events, such as attacks and probes.

The proposed acquisition continues the year's string of purchases and mergers -- at least 37 in the security market, according to the 451 Group. Some of the largest deals include Intel's proposed merger with security software giant McAfee, HP's purchase of Fortify, and Symantec's acquisition of VeriSign's identity and authentication business.

The consolidation is likely to continue. With two other major SIEM players left, IBM, Oracle, Cisco, Dell, and even Intel's McAfee could be looking at expanding their presence in the space, Hay said.

"All the consolidaiton has kind of shaken up the industry and woken people up to the possibilities," he said. "This acquisition is going to be the catalyst for more to come."

This article, "Strong compliance biz behind HP's ArcSight buy," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.