IBM's bid for ISS to broaden security portfolio

IBM Corp.'s move to buy Internet Security Systems Inc. (ISS) is another example of the company's strategy to grow its product offerings and expertise in key areas through acquisition.

Should IBM's $1.3 billion offer for ISS be successful, it will be the vendor's fifth-largest purchase. It comes less than two weeks after IBM unveiled a $1.6 billion bid to acquire FileNet for its enterprise content management software. Subject to regulatory and ISS shareholder approval, IBM is hoping to close the purchase of ISS in the fourth quarter, the vendor said Wednesday.

ISS provides software, hardware, services and consulting designed to pre-emptively protect more than 11,000 global customers' desktop PCs, servers and computer networks against Internet security threats such as viruses and other malware. Among the company's competitors are Symantec Corp. and McAfee Inc.

"Security is a strategic growth area for IBM," Val Rahmani, general manager of infrastructure management services, IBM Global Services, said during a Wednesday conference call. ISS will bolster IBM's position in managed services in particular, he said.

Rahmani estimated that the managed security services market alone is a $22 billion industry as more customers look to outsource their IT security management to trusted third parties. IBM is keen to leverage the work ISS has already done on providing "security on-demand," she said, to automate more security functions so that customers don't have to activate them manually.

"We share a vision to globally manage all a customer's security concerns in a simple and automated way," Rahmani said. Tom Noonan, president and chief executive officer of ISS, agreed, saying that the current industry approach to Internet security is no longer adequate to combat the threats posed by highly organized and well-funded groups of hackers. "We bought antivirus to stop viruses, antispyware to stop spyware, e-mail protection to stop spam," he said. "None of it scales to meet the needs of tomorrow."

As it has with other recent acquisitions, IBM intends to keep ISS' existing operations intact as much as possible. It will run it as an integrated unit within its Infrastructure Management Services operation, part of IBM Global Technology Services. "We don't want to disrupt it in any sense," Rahmani said, adding that IBM has no intention of reducing ISS headcount from its current level of around 1,300 staff.

"We were here when the security page was blank, over the past 12 years we have written much of our industry's history," Noonan said. "We're ready to step up to the challenge again." He confirmed he plans to move over to IBM as will ISS founder Christopher Klaus.

In the face of growing commoditization in the Internet security software and services market ISS helped to establish, the company needed to reinvent itself, according to Jon Oltsik, senior analyst at Enterprise Strategy Group. "ISS was in security no-man's land," he said, "They were respected, but they weren't big enough to make the next leap" to becoming an enterprise security services vendor.

IBM's bid for ISS came as a bit of surprise, Oltsik said. With ISS providing network security devices, a company such as Nortel Networks Corp. or Foundry Networks Inc. might have been a more likely candidate.

However, the combination of IBM and ISS will give IBM "arguably the broadest security reach of any company," Paul Stamp, senior analyst at Forrester, said. IBM will be able to take the security know-how of ISS and provide that knowledge and technology to customers in several different ways through services and software as well as building it into IT support contracts, he added.