The sale comes amid a consolidation in the cyber-sector and a decline in valuations of public and private cyber-firms. Some investors believe the companies were overvalued after a host of headline-grabbing hacks against the US government and major corporations increased interest in the market.
Terms of the deal were not disclosed. The acquisition is being announced during the RSA security conference in San Francisco and expected to close later this year subject to regulatory review.
IBM said it intends to retain the roughly 100 employees working at Resilient Systems, including Chief Executive Officer John Bruce, a former vice president at Symantec, and Chief Technology Officer Bruce Schneier, a prominent cryptographer, security blogger and author.
"Our intent is all these guys are going to come on board," said Marc van Zadelhoff, general manager of IBM Security, told Reuters. "You acquire technology, but you really want to acquire people."
Known as Co3 Systems when it was founded in 2010, Resilient Systems has become a leading player in the high-demand field of incident response by helping private and government customers prepare for, detect and mitigate cyber-breaches, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group.
Incident response is "hot in the market," Oltsik said. "Customers are spending a lot of money on cyber-security to address their shortcomings."
The acquisition comes against the backdrop of a US cyber-security market slogging through a funding slump, forcing some startups to sell themselves or cut spending.
IBM also said on Monday it is creating X-Force Incident Response Services, which will leverage Resilient Systems' technology and talent to help clients identify and respond to cyber-threats.
The X-Force service will also rely on a new partnership with cyber-firm Carbon Black, which IBM said will help its analysts conduct security forensics on compromised endpoint devices and discover where a breach first occurred.
© Thomson Reuters 2016