IBM broadens security portfolio with ISS

IBM is so massive, so wealthy and has its hands in so many enterprise pies that it’s easy to find wisdom in pretty much any acquisition decision the company makes. In recent weeks, those decisions have been coming hot and heavy: SOA vendor Webify and asset management company MRO, then content management firm FileNet for $1.6 billion.

But when IBM said on Wednesday that it planned to buy Internet Security Systems (ISS) for $1.3 billion, industry watchers scratched their heads and said, “Huh?”

On the surface, the deal makes good sense. Buying ISS is a piece of IBM’s strategy to grow its product offerings and expertise in security.

“ISS will bolster IBM’s position in security, specifically managed services, and create the world leader in Internet security services,” said Val Rahmani, general manager of infrastructure management services at IBM Global Services.

But analysts note that much of ISS’s actual revenue comes from the sale of security hardware such as IDS appliances, not services.

“The managed services make a lot of sense, but not the IDS,” said John Pescatore, an analyst at Gartner. “IBM sold its firewall and got out of the security hardware business almost six years ago, along with HP, Sun, and Novell.”

Companies in the market for gigabit-speed network security gear are more likely to turn to established players such as CheckPoint, Cisco, Juniper, or 3Com. IBM will also have to commit resources to keep ISS’s network security gear competitive, Pescatore said.

A company such as Nortel or Foundry might have been a better suitor for ISS, which was having trouble making the leap to being a full-service enterprise security vendor, said Jon Oltsik, senior analyst at Enterprise Strategy Group.

Still, the combination of IBM and ISS will give IBM “arguably the broadest security reach of any company,” said Paul Stamp, senior analyst at Forrester. And IBM could make ISS’s products a profitable component of a larger managed security services offering, Pescatore said.