IBM Security's new signal caller announces a West Coast offense

Marc van Zadelhoff has an exciting new strategy for IBM Security

Here's a cybersecurity highlight reel from this past Monday...

The IBM building in Cambridge, Mass., is shaking from the IBM Security team members who are stomping their feet and chanting:

Everywhere we go, Everywhere we go,
people wanna know, people wanna know,
who we are, who we are,
so we tell them, so we tell them,
We Are The Blue Team!, We Are The Blue Team!,
The Mighty Mighty Blue Team!, The Mighty Mighty Blue Team!...

Brandon Hanningan, general manager at IBM's $1.5 billion security business unit, walks to the sidelines where he high-fives Marc van Zadelhoff, Vice President, Strategy and Product Management at IBM Security.

Van Zadelhoff marches on to the field as the new starting quarterback at IBM Security, after his recent promotion to GM. In his first action as signal caller this week - before the new title becomes official (in January) - he executes a remarkable play that IBM seemingly pulled out of's playbook.

On first and 10 from his own 20-yard-line, van Zadelhoff takes the snap... drops back... and throws a deep spiral 50 yards downfield to wide-out Patrick Morley, CEO at Bit9 + Carbon Black, who catches the pigskin and runs into the end zone for the score.

The opposition? There was none on Monday. It was a practice day for IBM Security, when the team pre-announced its exciting new west coast offense dubbed "App Exchange". A limited number of media were briefed by van Zadelhoff, a nine-year IBM veteran, as he worked out with some IBM Security Partners while they prepared for the official announcement the following day.

Let's examine the play a little more closely.

Van Zadelhoff announced the IBM Security "App Exchange". The name bears a striking resemblance to's "AppExchange" ... as the only difference between the two is a space between the two word platform name in IBM's. As the name implies, the game plan for IBM Security is an offshoot of's successful business model., headquartered in San Francisco, became king of the hill in the online CRM (customer relationship management) market and built up a multi-billion dollar business in the cloud with a unique business model. They provided their CRM app as a platform and the general workings of a sales automation system -- and then certified a global community of developers who built add-on apps to enhance the functionality of the Salesforce CRM system. Salesforce evolved its core App into marketing automation, customer support, and other areas -- and a growing base of partners built add-on apps for those functions. Today the AppExchange is the world’s leading business app marketplace.

In the huddle, van Zadelhoff calls the play. He tells Bit 9 + Carbon Black's Morley that IBM is opening its security analytics platform, IBM Security QRadar, enabling partners to build custom apps that take advantage of the platform’s advanced security intelligence capabilities. QRadar uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, including almost half of the Fortune 100.

Morley lines up wide and runs the route - announcing his developers have built one of the early apps for QRadar - which enables users to see threats more quickly and stop them before they can do damage. That's a big score for IBM Security. Bit 9 + Carbon Black is the endpoint security market share leader according to IDC, and exactly the type of partner IBM will need to recruit in order to scale up their App Exchange network.

Heading in to 2016, its game time for IBM Security and you can still hear the background chant - The Mighty Mighty Blue Team! -The Mighty Mighty Blue Team!...

​IBM Security is in fact a mighty strong player. It is a $1.5 billion business after digesting 15 security acquisitions over the past 10 years. Research firm Gartner calls the company the largest security vendor selling exclusively to enterprises. But IBM is going to need all of the cheerleading and momentum it can generate as IBM Security gets ready to take on the competition - namely the other big security vendors who are armed with their own vulnerability platforms and partner programs. 2016 is shaping up to be the year that major security vendors square off against each other in brawls for larger enterprise security deals.

The IBM Security business unit currently contributes roughly 2 percent of IBM Corp.'s total revenues. And it is the slowest growing unit behind IBM's other next generation technologies which include cloud, big data, analytics, and mobile.

IBM Security needs to execute throughout 2016 with their new west coast offense to score the dozens if not a hundred or more partners it will need to populate its App Exchange with enough Apps to whet the appetites of CISOs (chief information security officers) and IT security executives at Global 2000 corporations. That is the sweet spot for IBM - and it will have to own it if the company is going to move the needle on its security business from $1.5 billion to a number big enough - perhaps one with another zero at the end of it - for the IBM Security business to show up more substantially at the corporation's quarterly earnings announcements.

Van Zadelhoff looks very sharp this week, and he is delivering a crisp message to the cyber community. “We need to remember that 80% of cybercrime is committed by highly organized gangs that are sharing data and applications” says van Zadelhoff. “Unfortunately, sharing is not happening at the same scale between the good guys looking to defend themselves against attacks.”

Early indications suggest his message is being well received. An impressive group of IBM Security partners have already developed dozens of apps for the App Exchange... and more are in the works.

According to industry researchers, the worldwide cybersecurity market is estimated to grow from $77 billion in 2015 to $170 billion by 2020. That means $100 billion is up for grabs over the next five years. IBM does not have the luxury of time when you consider its 14 consecutive quarters of sales declines as the company struggles to transition from legacy mainframe hardware and consulting services to its next generation businesses. It will be interesting to see if van Zadelhoff can run a hurry-up offense and keep scoring with new partners. Some of those partners could wind up as acquisition targets --- and acquisitions may prove to be the straightest path to putting another zero at the end of IBM Security's annual revenue figures.

A short apology here from the author. If you aren't a football fan and couldn't completely follow - I'm sorry. But I couldn't resist.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber attackcyber security

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Morgan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place