IBM has revealed plans to acquire private cybersecurity firm Resilient Systems in a bid to expand its share of the incident response market.
The sale comes amid consolidation in the cyber sector and a decline in valuations of public and private cybersecurity firms.
Some investors believe the companies were overvalued after a host of headline-grabbing hacks against the US government and major corporations increased interest in the market.
Terms of the deal were not disclosed. The acquisition is being announced during the RSA security conference in San Francisco and is expected to close later this year subject to regulatory review.
IBM said it intends to retain the roughly 100 employees working at Resilient Systems, including chief executive officer John Bruce, a former vice president at Symantec, and chief technology officer Bruce Schneier, a prominent cryptographer, security blogger and author.
“Our intent is all these guys are going to come on board,” said Marc van Zadelhoff, general manager of IBM's security division said. “You acquire technology, but you really want to acquire people.”
Known as Co3 Systems when it was founded in 2010, Resilient Systems has become a leading player in the high-demand field of incident response by helping private and government customers prepare for, detect and mitigate cyber breaches, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group.
Incident response is “hot in the market", Oltsik said. “Customers are spending a lot of money on cybersecurity to address their shortcomings.”
The acquisition comes against the backdrop of a US cybersecurity market slogging through a funding slump, forcing some startups to sell themselves or cut spending.
IBM also said it is creating X-Force incident response services, which will leverage Resilient Systems’ technology and talent to help clients identify and respond to cyber threats.
The X-Force service will also rely on a new partnership with cyber firm Carbon Black, which IBM said will help its analysts conduct security forensics on compromised endpoint devices and discover where a breach first occurred.