21
Thu, Nov
1 New Articles

IBM Buys Internet Security Systems

Commentary
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Last week, IBM announced that it would acquire Internet Security Systems, Inc. (SSI), the Atlanta-based corporation that provides managed security threat solutions to thousands of companies and governments around the world. ISS has been around since 1994, when this issue of Internet security was just beginning to be a concern to network administrators.

Milk and Cookies: From Rags to Riches

The ISS story is, in great part, a tale of a kid named Christopher Klaus who, in 1991, was working as an intern at the U.S. Department of Energy. Klaus saw an opportunity to write some software that would analyze the network and identify and correct security weaknesses in the infrastructure. He started selling his Internet Security Scanner product out of his grandmother's house in 1994 at the age of 19.

One imagines Klaus' grandma serving up a batch of Tollhouse cookies with every diskette sent out the door, but this scene quickly changed as the Internet revolution exploded on the scene. Why? Because ISS went public four years later and obtained about $3 million in venture capital in 1996.

Last week, IBM said it was buying the entire organization for about $1.3 billion.

From Milk and Cookies to Internet Cookies and Network Security

The success of ISS is more than a story of a kid making a fortune. It's a story about how burgeoning technology (the Internet) begets dangerous problems (network security, viruses, etc.) that require immediate products or solutions (network monitors, anti-virus software, etc.), which subsequently evolve into commercial behemoths (ISS, Symantec, etc.). Along the way, an industry sector is built, intellectual property is created, patents and trademarks are developed, and laws are written and modified to protect those who have ridden the financial waves of change.

In this environment, eventually the market needs to get organized, and the only step forward for industry growth has to come from a global marketplace, with specific requirements for security set by governments working in unison. Without such requirements, the market remains a free-for-all for any vendor with a product.

Fortunately, ISS today has product and service offerings that cover the entire realm of IT security, and IBM has had a long-standing relationship with the company, stretching back to the first days of ISS's Internet Security Scanner product. As potential Internet threats have exploded over the last 10 years, ISS—with the help of IBM Services—has penetrated the burgeoning market with amazing aplomb. Now the scene is being set for true dominance, and that is why IBM is making this acquisition.

The Cybercrime Market

Of course, 20 years ago, public networks of the size and scope of the Internet were inconceivable to most IT or IS security administrators: The world seemed much more contained, and the steps required to protect the information assets of a corporation were better understood. Customers relied upon computer manufacturers to provide the infrastructure for security. The security architectures of computer operating systems themselves, such as the OS/400 security architecture developed for the AS/400, were well-designed to require no more than central administration. The thought that one could build a company—much less an industry sector—on a concept of protecting the network from intruders, spam, virus attacks, or the thousand other threats that we fear today seemed overly paranoid. Why would anyone build such an open public network? Why would any corporation choose to use it? Then along came Windows and the Internet!

Today, of course, it's taken for granted that we're all just a keystroke away from catastrophe, with hackers lurking just beyond our firewalls, hackers who are continually probing the network for holes in our defenses.

IBM's purchase of ISS—particularly to enhance its own offerings in Managed Security Services offerings—is a tacit acknowledgement that there is no "solution" to network security threats, but only strategies to minimize the damage. Any person with the right twist of mind can walk into the corner Radio Shack and build a device that can jam a corporate wireless network. Any person with the appropriate computer skills can develop the next catastrophic Internet virus or worm. Highly technical network devices, such as DNS routers, have been proven to be vulnerable to corruption by DNS poisoning, a process by which the entire Internet can be hijacked to redirect specific traffic to bogus sites.

It's no wonder then that the fastest-growing e-business today is not in e-retail, e-manufacturing, e-security, or even e-pornography, but is instead defined by the industry sector called—for lack of a better word—cybercrime. Cybercrime includes identity theft, bogus electronic transactions, phishing, hijacked computers running robot code for distributing spam, viruses, or other misinformation—any crime that uses a computer attached to the Internet as its primary tool.

A Market Worth Billions

The FBI estimated that cybercrime cost citizens and corporations about $400 billion in 2004. (Estimates are still not available for 2005, but it's doubtful that the amount has decreased.) According to a report commissioned by the anti-virus giant McAfee, prior to 2000, cybercriminals acted alone in committing the majority of cybercrimes, usually in an attempt to attain notoriety within the cyber world. However, since 2000, there's been a shift: Organizations of criminals have entered the budding cybercrime industry.

However, as previously reported in this publication on July 31 in "Fear, Uncertainty, and Doubt About Global IT Security," knowing that a cybercrime has occurred is very different from getting law enforcement agencies to react. And while the act of reporting cybercrime has become more acceptable by corporations, the international flavor of the Internet has made enforcing the laws incredibly difficult.

However, perhaps the tide has begun to turn.

The International Convention on Cybercrime

On August 14, 2006, the U.S. Senate signed onto the treaty the International Convention on Cybercrime at the prodding of the Bush Administration. This convention is the first treaty on computer-related crime and the collaboration of electronic investigation. Participating countries are required to target activities that include computer intrusion, computer-facilitated fraud, the release of worms and viruses, child pornography, and copyright infringement. Fifteen European nations—including Albania, Denmark, France, Norway, and the Ukraine—have fully ratified the final document. The U.S. has only just signed on, even though negotiations for the treaty began in 1997 after the Council of Europe established the need for global cooperation to combat cybercrime.

Of course, election year politics in the U.S. always inspires our representatives to go on record for important law enforcement legislation. But still, it's somewhat interesting that this particular administration can dismiss other global accords (e.g., the United Nations Framework Convention on Climate Change also known as the "Kyoto Protocol," which was also negotiated in 1997) as detrimental to the U.S. economy, yet will embrace the International Convention on Cybercrime. The irony is this: Should cybercrime actually be effectively controlled through the convention, it would directly impact the economy of the new IT industry sector that currently creates products and services to combat it, an industry sector that generates billions in revenue each year for the U.S. economy.

Did IBM Pay Too Much?

Clearly, the act of ratifying a treaty won't, in and of itself, catch a single criminal. But it's a positive step toward maturing the cypercrime industry sector, and IBM is now positioned to better engage this growing market with its purchase of ISS.

But did IBM pay too much for the company? A little financial perspective might be in order here. Considering that cybercrime is, at latest available estimates, generating $400 billion in illicit revenues, the market is certainly hot for remedies—if not complete solutions. If IBM spent $1.3 billion for ISS, could we draw a comparison to the value of any other security organization that is snooping around for criminals?

How about the Federal Bureau of Investigation, the good old FBI!

This year's budget for the entire FBI is only about six times larger at $7 billion. When you consider that the FBI has never operated in the black, the ISS purchase might seem like quite a bargain!

Or did I get my numbers wrong somewhere?

Thomas M. Stockwell is Editor in Chief of MC Press Online, LP.

Thomas Stockwell

Thomas M. Stockwell is an independent IT analyst and writer. He is the former Editor in Chief of MC Press Online and Midrange Computing magazine and has over 20 years of experience as a programmer, systems engineer, IT director, industry analyst, author, speaker, consultant, and editor.  

 

Tom works from his home in the Napa Valley in California. He can be reached at ITincendiary.com.

 

 

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: