[Updated, 2/24/16, 12:45pm] IBM is adding to its arsenal of acquisitions in cybersecurity. Resilient Systems, a Cambridge, MA-based company that helps organizations respond to cyber attacks, is being bought by IBM Security, according to two sources with knowledge of the deal.
One source puts the acquisition price at more than $100 million. The deal’s financial structure and other details have not been disclosed. IBM and Resilient Systems have not yet responded to requests for comment.
Resilient Systems, formerly known as Co3 Systems, was founded in 2010 by Anthony Cirurgiao and Luca Fabbri. John Bruce and Ted Julian, who are veterans of Symantec, EMC, Arbor Networks, and other security firms, now lead Resilient as its co-founders; Bruce became CEO in 2011. The company has raised at least $10 million in venture funding but has kept those financial details under wraps. Its lead VC investor is Fairhaven Capital, a Cambridge-based venture firm. As of last summer, Resilient had just under 100 employees. [This paragraph updated with details about the company’s founders—Eds.]
Resilient focuses on incident response—giving companies and organizations a kind of software playbook to handle the aftermath of getting hacked. That includes things like best practices concerning government regulations, and instructions for what to do in different situations and geographies, all encoded into a user interface that keeps the human (say, an operations manager) in the loop. The company recently said its sales grew year-over-year by more than 300 percent in 2015, but it didn’t give hard revenue numbers. Its customers include big technology companies, hardware makers, retailers, universities, and hospitals.
The cybersecurity industry is anticipating more exits and consolidation after a busy 2015. Locally, security companies Rapid7 and Mimecast had initial public offerings last year, and Veracode and Carbon Black (formerly known as Bit9) are waiting in the wings.
IBM Security, also based in Cambridge, has a history of acquiring Boston-area cybersecurity companies. It bought Q1 Labs in 2011 and Trusteer in 2013. Q1 Labs formed the basis for IBM’s security division, which was led by Q1’s chief executive Brendan Hannigan until he left IBM at the end of last year; Hannigan has since joined the board of another Cambridge security startup, BitSight Technologies. Marc van Zadelhoff now leads IBM Security as its general manager.
Resilient seems like a good fit for what IBM Security has been trying to do—get its customers and partners to share more information on cyber threats in a systematic way. “We’re trying to serve as a hub,” Resilient’s CEO Bruce (pictured) told me last year. “We believe we can help other vendors.”
In fact, this week Resilient has been at IBM’s InterConnect conference in Las Vegas, demonstrating how its software can integrate with IBM Security’s tools for managing and sharing data on security incidents and threats—called QRadar and X-Force Exchange—to create an “incident response hub.”
With the Resilient deal, IBM has acquired at least 23 software companies based in Massachusetts (or with a big presence in the state) since 2003. Others include Cloudant, Netezza, Unica, and Cognos.
Resilient Systems is at least the second Boston-area technology startup to be acquired in 2016. Earlier this month, consumer healthtech firm Runkeeper was bought by Asics for $85 million.