Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


IBM Up-Ends Security Services Market

IBM's $1.3 billion buyout of ISS may signal large enterprises are more willing to embrace managed security services

An 800-pound gorilla threw its weight into the security market today, and analysts say the impact could send the industry reeling in a whole new direction.

IBM earlier today bought Internet Security Systems (ISS), one of the industry's oldest and best-known independent security vendors, for a tidy $1.3 billion in cash. Big Blue, which has made four other acquisitions in the last month, says it will keep ISS intact as an independent unit and will not lay off any of its workers. (See IBM Buys ISS.)

But IBM clearly has new plans for ISS. The security software vendor, which has been a supplier of point products for more than a decade, will be integrated into Big Blue's managed security services business, transforming it from software vendor to service provider in a single move.

"Our managed security services and on-demand capabilities have consistently been one of our strongest growth areas up to now, and that's been almost entirely driven by customers who say they want security as a service," says Tom Noonan, CEO of ISS, who will stay on to head up IBM's security business.

With their joint entry into the managed services arena, IBM and ISS will challenge popular industry notions that such services are only for small businesses that lack security expertise, and that large enterprises would never consider handing over their security functions to an outsourcing vendor.

"We see a $22 billion market opportunity in managed security services, and we intend to offer a single solution for companies that have not felt comfortable outsourcing until now," says Val Rahmani, general manager for IBM's Infrastructure Management Services unit.

"IBM has been showing a tendency to move back, in many ways, to the old mainframe days, where it owned an account top to bottom," says Rob Enderle, president of the Enderle Group, an IT consultancy. "Personally, I'm one of the folks that believe the security of a solution should be the responsibility of the solution owner, and it appears that vendors like Microsoft and IBM agree."

IBM's move also is a watershed in the evolution of the security industry, which has been consolidating and shrinking, experts say. "I think this acquisition is definitely part of an overall trend, where the more mature parts of the security industry -- things like firewalls -- are aggregated into fewer, larger companies," says Robert Richardson, editorial director at the Computer Security Institute. "We'll still see lots of smaller companies and lots of competition in the more cutting-edge areas of security, but companies that offer staples of security have got to get large, in one way or another, if they're going to survive."

Noonan concurs with that assessment. "In our research, we found that large enterprises already have trimmed the number of [security] vendors they support from more than 30 to about 22," he says. The demands of more targeted attacks, combined with the struggle to meet regulatory requirements, have left many IT managers looking for a way to further consolidate their security efforts, he says.

The IBM-ISS merger "indicates a move to integrate security which may, eventually, largely eliminate standalone products if the trend continues," Enderle says. "Buyers should immediately look for trends like this and make their product choices accordingly. The best odds are to go with the [multi-product] solution provider, and that is likely where the long term future for the class will reside."

Officials declined to give details on how the ISS products and strategies will be integrated (or replace) technologies and architectures already offered by IBM's Tivoli unit. They said the Tivoli products are "complementary" to ISS and they will look to work with Tivoli in the future.

The officials also did not give any guidance on how the acquisition will affect IBM's relationships with other security vendors. Big Blue has been carefully vendor-neutral in its approach to managed services in the past, but it seems unlikely that the company will be able to maintain that stance as it integrates the ISS technology into its offerings.

Rahmani did say that the ISS standalone software offerings will continue to be a part of its business, but the thrust of the announcements clearly focused on the ability of ISS to help Big Blue with its managed services offerings.

The acquisition comes less than two months after IBM storage rival EMC picked up RSA Security for $2.1 billion. (See EMC Secures RSA for $2.1B.) Analysts say the acquisitions aren't directly related, but they underscore the importance large systems vendors place on having security products and services.

So is IBM feeling some heat?

"I don't know if I'd call it reactive," says Pund-IT analyst Charles King. "RSA had been shopping itself for some time, and I assume they probably spoke with IBM. But a deal that size [EMC-RSA] probably woke up a lot of larger vendors that this is going to be a major issue going forward, and it's better having the IP and services in house than relying on partners.

"Owning the security piece is pretty critical. If you're partnering for it, and you're fairly far along in development, and your partner is bought out from under you, then what do you do?"

John Oltsik of Enterprise Strategy Group says IBM already had products and services competitive to RSA.

"IBM already plays in the RSA space, and they have products and services that RSA offers where EMC really doesn't have anything that ISS has," Oltsik says. "The only thing that is similar is when EMC wanted to jump into the security space they went for a household brand. ISS is also highly regarded in security space, so it helps them articulate their security strategy when they have a good brand associated with it."

— Tim Wilson, Site Editor, Dark Reading and Dave Raffo, News Editor, Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • The Enterprise Strategy Group (ESG)
  • IBM Corp. (NYSE: IBM)
  • IBM Internet Security Systems
  • Pund-IT Inc.
  • RSA Security Inc. (Nasdaq: EMC)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
    Cybersecurity: What Is Truly Essential?
    Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
    3 Cybersecurity Myths to Bust
    Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: Google Maps is taking "interactive" to a whole new level!
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2021-05-18
    RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
    PUBLISHED: 2021-05-18
    There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
    PUBLISHED: 2021-05-18
    A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
    PUBLISHED: 2021-05-18
    TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.
    PUBLISHED: 2021-05-18
    A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.