Continuing an acquisition spree designed to bolster its presence in the software service space, IBM today disclosed an agreement to buy Internet Security Systems Inc. (ISS), an Atlanta-based provider of network security software and services, in a cash transaction valued at approximately $1.3 billion.
If consummated, the purchase would be the fifth-largest acquisition in IBM's history. The announcement follows moves made by the industry giant earlier this month to acquire EAM (enterprise asset management) leader MRO Software Inc., document management systems stalwart FileNet Corp., and Web services systems integrator Webify Solutions. (Read more about IBM's recent acquisition flurry.) The deal, which must first be approved by ISS's shareholders and pass regulatory muster, is expected to close in the fourth quarter, IBM said.
Under terms of the agreement, ISS would operate as an independent business under its existing senior management within IBM's Global Services unit. ISS, a 14-year-old public company that has been an IBM partner since 1999, is on a revenue run rate of between $355 million and $360 million this year. It offers a variety of hardware devices, software platforms, and on-demand managed services built around a service-oriented architecture that is said to deliver preemptive protection of networked applications that run across the extended enterprise.
During an online press conference to announce the acquisition, ISS CEO Tom Noonan said his company's products are installed at 11,000 customers worldwide, including 17 of the world's largest banks, 15 of the largest governments, 11 of the top public insurance companies, and 13 of the world's top IT organizations. He declined to be more specific, citing customer confidentiality.
Working with IBM, he said, will give ISS the scale and wherewithal -- via IBM Global Services' evolving on-demand, infrastructure -- to serve the growing requirement for network application security within the corporate and public sectors. ISS services, he added, are "perfectly complementary" with IBM Global Services' offerings, "with little or no overlap."
ISS's hook-up with IBM, Noonan explained, is less about individual market segments and more about the need by enterprises of all sizes and shapes to more effectively guard their information assets. "It is not an industry-specific move, but a broad move within industry," he said. "Financial services, telecommunications, and other companies want to reduce the complexity and cost of supplying security [and] protecting and defending their networks."
The problem for most enterprises, officials of both companies noted, is that their reliance on network computing has outstripped their ability to cost-effectively secure their business-critical data. "Staying ahead of [this] is a full-time job," noted Valerie Rahmani, IBM Global Services' general manager of infrastructure management services during the press conference. "Our customers are telling us it's something they can't do alone."
The first decade of Internet-enabled applications was all about rapid build-out and spiraling infrastructure costs, Noonan said. Security meant guarding attacks made by unorganized hackers whose sole motivation "was disruption and notoriety," he explained.
The security industry, he said, responded with simple stove-piped products aimed at individually warding off viruses, worms, spyware, and e-mail spam. "The industry has come to the realization that the stove-piped, highly manual approach does not scale," Noonan said, noting that point products don't cut it when it comes to delivering accurate and cost-effective reporting for regulatory compliance purposes, and, more importantly, have become a maintenance strain for IT organizations.
The stakes are much higher today since network application downtime can undercut operational efficiency and worker productivity. Many of today's attacks are also more sophisticated and malicious, and often directed by "well-funded organized crime syndicates and underworld groups," he said. Enterprises large and small, Noonan said, need "an extensible platform delivered as a service" that can adapt to emerging threats and stop them before they can impact the business.
That is what ISS aims to do. It offers "protection on demand" that can be woven into a company's enterprise applications architecture as a software service. The software can be run internally or delivered by a trusted third-party. Customers, he added, benefit not only from gaining continuous access to upgrades that fend off new and mutating malware, but from the flexibility of being able to turn on or off security software services and reporting as need be.
While critical to all companies, more flexible and cost-effective data security is of particular concern to resource-strapped manufacturers that are becoming more reliant on networked applications within their enterprises, and as part of globally distributed design and supply chains. To facilitate more collaborative design and supply processes, manufacturers and their business partners are becoming more technologically interdependent. This can make their networks more vulnerable to digital intrusion, particularly when they are working with smaller companies that have only minimal security for their networks and can inadvertently become conduits for malware proliferation.
Through ISS, IBM's mission is to "keep customers protected ahead of a threat and limit the impact after," IBM Global Services' Rahmani said. In doing so, IBM now finds itself directly competing with Microsoft, which recently launched an on-demand security service to help customers better detect and purge malware from its desktop software, and long-time industry leader Symantec.
On-demand security services also play into the ongoing vendor consolidation trend, Noonan said. Recent market research suggests that CIOs at larger enterprises have on average reduced the number of security vendors they engage from over 30 to 22. Yet in what is becoming a highly fragmented market, "they continue to seek a partner to help build a blueprint for their security needs."
That's where IBM Global Services' more consultative approach will differentiate it from the pack. Global Services also plans to evolve ISS's application services in lock-step with IBM's Tivoli network systems management platform and other security enhancements made by its server hardware business unit to enable IBM to deliver "a complete solution on a global scale," Rahmani said.
To meet that goal, IBM Global Services will run ISS's X-Force preemptive security intelligence service (which ISS claims proactively protects networks with detailed analyses of global online vulnerabilities and threat conditions) from its global network of security operations centers, which includes sites in Tokyo, Brussels, Brisbane, Detroit, and Atlanta. IBM's security consultants and global sales force will also offer ISS's line of security appliances and software, and enable them to work with IBM as well as third-party products, services, and solutions. (ISS plans to maintain its partnerships with third-party systems integration and telecommunication services providers once the acquisition is completed.)
IBM's $28-per-share offer for ISS appeared to be greeted warmly by investors. ISS's stock closed the day at $27.62 a share, up 6% in intraday trading.