IBM has bought database security vendor Guardium and is set to roll the company's products into the IBM Information on Demand product portfolio.

Guardium makes technology for provides real-time monitoring of database activity, allowing companies to detect fraud, outside attacks and other illegal activities. The privately-held company has about 150 employees and 400 customers, according to CEO Ram Metser. 

Guardium and its competitor Imperva have been the subject of acquisition rumours for more than a year, according to Adrian Lane, an analyst with Securosis.

"Guardium is one of the only firms still standing with a mainframe monitoring solution, which is a major prerequisite for much of IBM's customer base. From the IBM perspective, the functionality makes sense and fits well into some of their existing security products," Lane wrote in a blog post. "From an architectural standpoint, integration (as opposed to just sharing data and events) will be a challenge."

Currently, Guardium's software supports a wide range of database platforms and IBM has no plans to change that, given the heterogenous nature of its customers' IT environments, according to Arvind Krishna, general manager in the IBM Information Management division.

"We have to be able to support them, and only expect to add [more platform support] over time," Krishna said.

Meanwhile, the deal leaves other vendors in the space "a little more valuable," Lane said in his blog post. "There remain a lot of firms like EMC, McAfee, Oracle, Symantec, and others who would really benefit from gaining DAM technology, so I expect additional acquisitions in the next 6 months."

Such a roll up could "spell great news in the coming years, in the form of increased quality, better-integrated server agents and one-stop shopping - not to mention the rapidly increasing possibility to think of database vendors as being part of the solution when firms move to establish enterprise-wide data security (or anti-data-loss) programs," said Nick Selby, managing director of security consultancy Trident Risk Management.

(Robert McMillan in San Francisco contributed to this report.)