IBM Adds Post-Cyber Attack Planning With Resilient Systems Acquisition

The RSA security conference is being held this week in San Francisco, where security pros come together to discuss strategy. IBM made several security announcements this morning ahead of the conference, headlined by the purchase of Resilient Systems.

Instead of trying to prevent an attack, Resilient gives customers a plan to deal with a breach after it’s happened. While IBM offers pieces for protecting and defending the network, no security system is foolproof, and there will be times when hackers slip through the defenses (or the attack comes from within).

“What happens when an attack happens, which unfortunately has become an inevitability. You need resilience to get back up and running and minimize the damage. There has to be muscle memory of what you will do and how you will react,” Caleb Barlow, VP of security at IBM, told TechCrunch.

To help companies establish post-breach plans before attacks happen, IBM also announced a new services component called the IBM X-Force Incident Response Services team. The idea is to provide expertise around this type of planning in the same way companies plan for other types of disasters before they happen, so they have a set of procedures in place.

The final piece is a partnership with Carbon Black, a company that provides a full incident record that lets a customer trace the incident all the way back to its origin (such as clicking on a phishing link) and see the impact it’s had across the organization. Barlow likened the Carbon Black tool to rewinding a videotape.

He says that combining these three pieces gives IBM a comprehensive incident response package. Many companies don’t know what to do when a breach occurs, or the responsibilities are too spread out across large organizations. The package provides a post-breach planning tool, consulting services to help executive teams and IT think about those plans before an incident occurs, and a way to do post-incident forensic analysis.

Resilient walks companies through exactly what they need to do based on their state or country. This could include activities like informing the right law enforcement officials, contacting the insurance company, shutting down the affected workstations and so forth.

As Barlow explained, every company has an emergency response system for a variety of potential disasters, but they often lack a coherent plan for dealing with a cyber security attack.

The IBM security division was formed 4 years ago with the purchase of QRadar. Since then, the division has grown to 7300 employees and $2 billion in revenue. It added a thousand employees last year alone, Barlow said.

With the purchase of Resilient, IBM gets 100 employees who are post-breach subject experts, and the 30 Fortune 500 customers Resilient has in its portfolio (along with its other customers).

A report from XConomy pegged the purchase price at $100 million, but neither IBM nor Resilient would confirm that price, with Barlow simply saying, “We never discuss the price of private acquisitions.” The purchase has to pass regulatory approval before it becomes official.

This acquisition did not come out of the blue. There is already a technical link between the two: Resilient has been on IBM’s radar as a business partner that built an application on top of the QRadar platform.

Today’s announcements have to be seen against the backdrop of IBM’s transformation strategy centered on cloud, analytics, Watson cognitive computing and security. The company has yet to see great financial results from this transition, with 15 straight quarters of diminishing revenue, but it keeps pushing along, trying to beef up these different components through acquisitions. Today’s announcements are part of that overall approach.