Feeds

IBM quietly shoves ISS wares into Tivoli

Services only, please

Internet Security Threat Report 2014

IBM Internet Security Systems (ISS) products have quietly been booted from Big Blue's global services business and into the ever-expanding Tivoli brand product line, The Register has learned.

IBM acquired ISS four years ago in a deal valued at an astounding $1.3bn. And though the Georgia-based firm was best known for its security software and appliances, what really attracted IBM to ISS was its managed security service offerings.

True to IBM's skewed intentions, ISS was given an awkward split from the outset. ISS software was integrated with the IBM Tivoli line, while ISS products like Proventia intrusion prevention boxes — which represented the vast majority of the firm's revenues — were vended through a separate business unit in IBM's global services organization. The very same business unit that would sell ISS security services and consulting.

The acquisition did provided ISS with a notable talent pool of security consultants, managed services, and the X-Force security research group for the new IBM Internet Security Systems unit. But many industry watcher were immediately skeptical as to exactly how ISS products fit into the services scheme. And long story short: it didn't. Even though it has taken four years for IBM to recognize the unit was lopsided.

"ISS's managed security services provider (MSSP) offerings are a good fit for IBM, whose own MSSP offering has performed poorly for years," Gartner wrote (PDF) in 2006 just days after the ISS purchase was announced. "The acquisition of ISS's network security product, however, seems less logical."

Fast forward to today, and IBM ISS lags behind Cisco, Juniper, and others in the security appliance market. And it's not a stretch to say IBM probably isn't the first name that pops into your head when you think security systems. According to IDC, IBM ISS accounted for 2.3 per cent of security appliance market revenue in Western Europe as of Q4 2008, behind Nokia (4.2 per cent), Fortinet (4.9 per cent), Juniper (9.9 per cent), and Cisco (with a huge lead at 25.5 per cent).

"The services organization is not provisioned to develop, maintain, and bring to market products," Amrit Williams, CTO of systems and security management software firm BigFix and one of the authors of the Gartner report, told El Reg. "They're provisioned to, basically, provide services."

Williams added: "The reality is that that Tivoli software team has better skill sets in maintaining and bringing products to market than the services group does."

The creaking wheels at IBM have finally moved to correct the split purposes of ISS. In January, the Big Blue quietly made the decision to slip ISS products from global services into its software group under the Tivoli banner.

Products making the change include:

  • IBM Virtual Server Security for VMware
  • IBM Proventia Management SiteProtector
  • IBM Proventia Server Protection
  • IBM Proventia Network Intrusion Prevention System

"The question here is whether IBM will be able to replicate the same selling strategy that ISS had — or that IBM wanted to adopt in the early days — which is, 'we'll sell you gear and we'll sell you services.'" Williams said. "I don't know how well IBM is able to do those kinds of cross-functional selling methods."

The decision does make sense in correcting how ISS was provisioned into IBM in the first place. But why it's taken IBM so long to recognize an incongruity that was plain to folks when the acquisition was announced back 2006 is less clear.

IBM essentially took a company that makes a majority of its revenue from product license revenue and made it into a services group. Moving the products to Tivoli illustrates that despite best efforts, IBM was never able to rationalize how it could sell product through a services team.

IBM declined to talk to El Reg about the change, but an announcement sent out to business partners this month indicate the migration will be formally unveiled on March 4.

A letter (PDF) sent to its business partners last Friday indicates that ISS services and consulting will remain in IBM global services as part of the Security Service Product Line.

"These actions strengthen IBM's Security Framework by driving a more integrated security portfolio and roadmap," the company wrote.

IBM's silence in the matter isn't really so surprising. After all, $1.3bn is a lot to pay for meal that you suck down the wrong pipe. ®

Internet Security Threat Report 2014

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
Netscape plugins about to stop working in Chrome for Mac
Google kills off 32-bit Chrome, only on Mac
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.