Analysis: IBM Deal With ISS Means Trouble For Check Point, McAfee

If you weren't sure security convergence was happening before, IBM's acquisition of ISS leaves no doubt that it's in full swing.

Big Blue's purchase of ISS, while providing a dramatically enhanced commitment to the security market, doesn't actually give the company a lot of new technology.

"The [ISS portfolio] has some overlap with IBM's Tivoli products," says Allan Krans, an analyst with Technology Business Research (TBR). "It doesn't add a lot of functionality to their product lines, but it expands their customer base, their channel relationships and their services expertise." ISS has increased its channel revenue from about 50 percent to more than 80 percent in the past year or two.

Krans says that this $1.3 billion purchase by IBM, combined with the deal announced a few weeks ago to buy document manager software developer FileNet, shows IBM's commitment "to achieve organic software revenue growth, and is using acquisitions to fuel revenue expansion within its software business" by "adding customers, market share and revenue to its software division and expand opportunities for its slow growing Global Services division."

Since the beginning of August, IBM also has announced plans to purchase asset and service manager application developer MRO Software and SOA developer Webify Solutions, meaning IBM has spent more on M&A in one month than it did all last year.

Krans says that adding managed security services from ISS is a key motivator for the purchase. ISS adds about 100 security services consultants to the 3,500-person IGS security lineup, and they'll be used largely to help deploy IBM's software-as-a-service (Saas) initiatives.

The other key effect of the deal is to cast further doubt on the standalone viability of security vendors such as Check Point and McAfee, and the acquisition also will provide new challenges to Symantec's business, particularly in email protection and antivirus software and in assessment and managed security services.

"McAfee has more inroads with ISPs and has a strong channel, but Check Point is a VPN and firewall company, and that's a technology that's consolidating," Krans says. "Check Point is now competing with some of the largest vendors in the IT industry, including IBM, Microsoft and EMC."

He posits that Check Point may be the next logical acquisition target and Symantec, of all companies, may be the most likely one to try and buy Check Point when all the dust settles. "For all Check Point's difficulties, it's a leader in the industry with high profit margins and strong channel relationships," Krans says. "Symantec could learn from Check Point's channel expertise and get a proven VPN solution that will help them compete in the marketplace."

With IT security concerns dictating and dominating the operations of businesses of all sizes, along with the everyday lives of consumers, the notion of a standalone security company is starting to seem rather quaint. The key for the remaining independent security vendors is to align themselves with whichever company gives them the best chance to keep stamping their brand on new products and solutions. Those that stubbornly refuse to heed the call of consolidation run the risk of becoming obsolete.