Feeds

IBM quietly shoves ISS wares into Tivoli

Services only, please

Top three mobile application threats

IBM Internet Security Systems (ISS) products have quietly been booted from Big Blue's global services business and into the ever-expanding Tivoli brand product line, The Register has learned.

IBM acquired ISS four years ago in a deal valued at an astounding $1.3bn. And though the Georgia-based firm was best known for its security software and appliances, what really attracted IBM to ISS was its managed security service offerings.

True to IBM's skewed intentions, ISS was given an awkward split from the outset. ISS software was integrated with the IBM Tivoli line, while ISS products like Proventia intrusion prevention boxes — which represented the vast majority of the firm's revenues — were vended through a separate business unit in IBM's global services organization. The very same business unit that would sell ISS security services and consulting.

The acquisition did provided ISS with a notable talent pool of security consultants, managed services, and the X-Force security research group for the new IBM Internet Security Systems unit. But many industry watcher were immediately skeptical as to exactly how ISS products fit into the services scheme. And long story short: it didn't. Even though it has taken four years for IBM to recognize the unit was lopsided.

"ISS's managed security services provider (MSSP) offerings are a good fit for IBM, whose own MSSP offering has performed poorly for years," Gartner wrote (PDF) in 2006 just days after the ISS purchase was announced. "The acquisition of ISS's network security product, however, seems less logical."

Fast forward to today, and IBM ISS lags behind Cisco, Juniper, and others in the security appliance market. And it's not a stretch to say IBM probably isn't the first name that pops into your head when you think security systems. According to IDC, IBM ISS accounted for 2.3 per cent of security appliance market revenue in Western Europe as of Q4 2008, behind Nokia (4.2 per cent), Fortinet (4.9 per cent), Juniper (9.9 per cent), and Cisco (with a huge lead at 25.5 per cent).

"The services organization is not provisioned to develop, maintain, and bring to market products," Amrit Williams, CTO of systems and security management software firm BigFix and one of the authors of the Gartner report, told El Reg. "They're provisioned to, basically, provide services."

Williams added: "The reality is that that Tivoli software team has better skill sets in maintaining and bringing products to market than the services group does."

The creaking wheels at IBM have finally moved to correct the split purposes of ISS. In January, the Big Blue quietly made the decision to slip ISS products from global services into its software group under the Tivoli banner.

Products making the change include:

  • IBM Virtual Server Security for VMware
  • IBM Proventia Management SiteProtector
  • IBM Proventia Server Protection
  • IBM Proventia Network Intrusion Prevention System

"The question here is whether IBM will be able to replicate the same selling strategy that ISS had — or that IBM wanted to adopt in the early days — which is, 'we'll sell you gear and we'll sell you services.'" Williams said. "I don't know how well IBM is able to do those kinds of cross-functional selling methods."

The decision does make sense in correcting how ISS was provisioned into IBM in the first place. But why it's taken IBM so long to recognize an incongruity that was plain to folks when the acquisition was announced back 2006 is less clear.

IBM essentially took a company that makes a majority of its revenue from product license revenue and made it into a services group. Moving the products to Tivoli illustrates that despite best efforts, IBM was never able to rationalize how it could sell product through a services team.

IBM declined to talk to El Reg about the change, but an announcement sent out to business partners this month indicate the migration will be formally unveiled on March 4.

A letter (PDF) sent to its business partners last Friday indicates that ISS services and consulting will remain in IBM global services as part of the Security Service Product Line.

"These actions strengthen IBM's Security Framework by driving a more integrated security portfolio and roadmap," the company wrote.

IBM's silence in the matter isn't really so surprising. After all, $1.3bn is a lot to pay for meal that you suck down the wrong pipe. ®

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.