Accenture is to acquire the iDefense Security Intelligence Services business from Verisign. This deal will strengthen Accenture’s Cyber Defense Services division. It adds threat intelligence that Accenture will embed into services it manages for client. This will be easier than it sounds as iDefense already has its own APIs. It also has its own analysis platform, IntelGraph which Accenture will be keeping.
According to Kelly Bissell, managing director of Accenture Security: “There simply isn’t enough time, budget or human resources to defend against every imaginable attack scenario or adversary without intelligent systems and automation. That’s why having the best available threat intelligence is critical to helping us protect our clients’ entire value chains, allowing them to focus on innovation and growth. We are confident that the collective capabilities of Accenture Security and iDefense can help organizations better understand where threats are coming from and adjust protections before damage is done.”
The press release did not say what Accenture is paying for the iDefense unit. Interestingly the announcement came as Verisign announced its 2016 results. These show a strong Q4 and year on year revenue growth of 7.8%. Verisign also has $1.8bn cash and equivalents and cash securities on hand. This is not, therefore, an asset disposal to boost the balance sheet. It does suggest that Verisign is building a war chest for future acquisitions of its own.
Threat intelligence – a new gold rush?
The last two years has seen a rush to get into threat intelligence by the big security vendors. Last year saw the OASIS standards committee look to create a standard for threat intelligence. The OASIS Cyber Threat Intelligence (CTI) TC brings CybOX, STIX and TAXII into a single standard. It is hoping that other threat intelligence vendors will also begin to standardised their offerings.
The need for a standard was becoming essential. There are at least 12 different threat intelligence engines around. This was creating a problem for ISVs and enterprises in deciding where to get data from and where to send data they have gathered. IT security teams want access to threat intelligence data is to speed up the identification of threats. They take data from their own networks such as log files and security alerts and compare them to data from other organisations. The more data, the easier it is to detect patterns.
Threat intelligence data is also key to the growing number of machine learning, AI and cognitive security solutions. They all rely on very large volumes of data to enable them to identify attacks. For their systems to be effective they want to do the data gathering and analysis in as close to real-time as possible. Standardisation of the threat intelligence interfaces helps with this.
Accenture believes private data sources better than public
Accenture wants iDefense to get access to its 18 years of threat intelligence. It believes that having its own very large pool of threat intelligence data will speed up detection of threats. In the press release it said: “Accenture will fuel its cybersecurity platform with these capabilities to enhance its ability to inform clients where threats are forming and coming from, and what actions to take – much earlier than other providers who leverage public data feeds.”
Two years ago IBM pushed all its threat data into the public domain. IBM told journalists and analysts that this was about creating the biggest possible pool of data to improve threat detection. It seems Accenture has a different perspective. It may choose to import public data but doesn’t say if it will then share the iDefense data with others.
There is a risk here. By only going with proprietary data you create an echo chamber around your clients. New attacks can slip by because there is not enough data to identify them by. Not sharing with other vendors also means that data gathered is not used in wider analysis. The anti-virus and endpoint detection industry realised this some years ago and now shares a lot of data.
This is a good deal for Accenture. It continues its move to build one of the biggest and most comprehensive security platforms for governments and blue chip customers. It also brings a number of new blue chip clients with it. This should mean that Accenture will have little trouble recovering whatever it is spending to acquire iDefense.