

IBM Up-Ends Security Services Market

IBM's $1.3 billion buyout of ISS may signal large enterprises are more willing to embrace managed security services

An 800-pound gorilla threw its weight into the security market today, and analysts say the impact could send the industry reeling in a whole new direction.

IBM earlier today bought Internet Security Systems (ISS), one of the industry's oldest and best-known independent security vendors, for a tidy $1.3 billion in cash. Big Blue, which has made four other acquisitions in the last month, says it will keep ISS intact as an independent unit and will not lay off any of its workers. (See IBM Buys ISS.)

But IBM clearly has new plans for ISS. The security software vendor, which has been a supplier of point products for more than a decade, will be integrated into Big Blue's managed security services business, transforming it from software vendor to service provider in a single move.

"Our managed security services and on-demand capabilities have consistently been one of our strongest growth areas up to now, and that's been almost entirely driven by customers who say they want security as a service," says Tom Noonan, CEO of ISS, who will stay on to head up IBM's security business.

With their joint entry into the managed services arena, IBM and ISS will challenge popular industry notions that such services are only for small businesses that lack security expertise, and that large enterprises would never consider handing over their security functions to an outsourcing vendor.

"We see a $22 billion market opportunity in managed security services, and we intend to offer a single solution for companies that have not felt comfortable outsourcing until now," says Val Rahmani, general manager for IBM's Infrastructure Management Services unit.

"IBM has been showing a tendency to move back, in many ways, to the old mainframe days, where it owned an account top to bottom," says Rob Enderle, president of the Enderle Group, an IT consultancy. "Personally, I'm one of the folks that believe the security of a solution should be the responsibility of the solution owner, and it appears that vendors like Microsoft and IBM agree."

IBM's move also is a watershed in the evolution of the security industry, which has been consolidating and shrinking, experts say. "I think this acquisition is definitely part of an overall trend, where the more mature parts of the security industry -- things like firewalls -- are aggregated into fewer, larger companies," says Robert Richardson, editorial director at the Computer Security Institute. "We'll still see lots of smaller companies and lots of competition in the more cutting-edge areas of security, but companies that offer staples of security have got to get large, in one way or another, if they're going to survive."

Noonan concurs with that assessment. "In our research, we found that large enterprises already have trimmed the number of [security] vendors they support from more than 30 to about 22," he says. The demands of more targeted attacks, combined with the struggle to meet regulatory requirements, have left many IT managers looking for a way to further consolidate their security efforts, he says.

The IBM-ISS merger "indicates a move to integrate security which may, eventually, largely eliminate standalone products if the trend continues," Enderle says. "Buyers should immediately look for trends like this and make their product choices accordingly. The best odds are to go with the [multi-product] solution provider, and that is likely where the long term future for the class will reside."

Officials declined to give details on how the ISS products and strategies will be integrated with (or replace) technologies and architectures already offered by IBM's Tivoli unit. They said the Tivoli products are "complementary" to ISS and they will look to work with Tivoli in the future.

The officials also did not give any guidance on how the acquisition will affect IBM's relationships with other security vendors. Big Blue has been carefully vendor-neutral in its approach to managed services in the past, but it seems unlikely that the company will be able to maintain that stance as it integrates the ISS technology into its offerings.

Rahmani did say that the ISS standalone software offerings will continue to be a part of its business, but the thrust of the announcements clearly focused on the ability of ISS to help Big Blue with its managed services offerings.

The acquisition comes less than two months after IBM storage rival EMC picked up RSA Security for $2.1 billion. (See EMC Secures RSA for $2.1B.) Analysts say the acquisitions aren't directly related, but they underscore the importance large systems vendors place on having security products and services.

So is IBM feeling some heat?

"I don't know if I'd call it reactive," says Pund-IT analyst Charles King. "RSA had been shopping itself for some time, and I assume they probably spoke with IBM. But a deal that size [EMC-RSA] probably woke up a lot of larger vendors that this is going to be a major issue going forward, and it's better having the IP and services in house than relying on partners.

"Owning the security piece is pretty critical. If you're partnering for it, and you're fairly far along in development, and your partner is bought out from under you, then what do you do?"

John Oltsik of Enterprise Strategy Group says IBM already had products and services competitive to RSA.

"IBM already plays in the RSA space, and they have products and services that RSA offers where EMC really doesn't have anything that ISS has," Oltsik says. "The only thing that is similar is when EMC wanted to jump into the security space they went for a household brand. ISS is also highly regarded in security space, so it helps them articulate their security strategy when they have a good brand associated with it."

— Tim Wilson, Site Editor, Dark Reading and Dave Raffo, News Editor, Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • The Enterprise Strategy Group (ESG)
  • IBM Corp. (NYSE: IBM)
  • IBM Internet Security Systems
  • Pund-IT Inc.
  • RSA Security Inc. (Nasdaq: EMC)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
