IBM’s recent US$1.3 billion (NZ$2 billion) deal to acquire Internet Security Systems is fraught with pitfalls and possibilities: it gives Big Blue a major stake in the security game, but some wonder whether the company will know what to do with it.
In acquiring ISS — which makes Proventia intrusion-detection and prevention appliances and offers managed security services — IBM says it wants to boost its bottom line and its security profile. The acquisition comes less than two weeks after IBM unveiled a US$1.6 billion high-profile bid to acquire FileNet’s enterprise content-management software.
Lloyd Hession, chief security officer at finance industry networking specialist BT Radianz, says developing security products requires the ability to make significant investments to keep up with the latest threats and the fast pace of change. IBM has the kind of deep pockets that could greatly aid ISS in continuing to invest in R&D as it must do, he says.
“For ISS, it’s getting funding from IBM to keep these products viable,” Hession says. And by becoming part of IBM, ISS gains a lot of ground it doesn’t have now. “ISS will have a whole new sales channel,” he says.
The trend towards integrated packages such as Tivoli brings value when security products work within management suites, Hession notes. The potential drawback for ISS is it becomes “part of a large organisation, a small component in a huge IBM machine,” he says.
However, analysts question how easily and quickly IBM will be able to compete in the network-security arena, particularly against a key rival, Cisco.
“IBM is looking to increase revenue, but we just don’t think it makes sense for IBM to own network-security products,” says John Pescatore, security analyst at Gartner. “IBM has been successful in identity- and access-management software. But the name IBM doesn’t ring a bell to any network-security person. It’s not a brand to compete against Cisco in selling network-security products.”
Pescatore notes that IBM exited the firewall business five years ago. With the ISS acquisition IBM would be back in it, with ISS’s unified threat management appliances, which are a combination of multiple security protections. IBM expects to have its security consultants and global salesforce selling the ISS product line.
Analyst Paul Stamp at Forrester Research is more upbeat about the prospects of an IBM-ISS merger but also has reservations about how well IBM will fare in the world of network-security appliances.
“They’ve concentrated more on systems and applications than on network infrastructure in the past,” says Stamp. “However, with the [Micromuse acquisition] they’ve stepped up their management of networks, so securing [networks] is a natural extension. They’ll never be a Cisco but, for a company that’s approaching this from a unified management perspective, it’s a good choice,” he says.
Adopting the ISS platform model is what IBM says it wants to do in order to bolster its range of managed services on an outsourced basis.