Due Care, Due Diligence

      IBM announced on Wednesday that the technology giant has agreed to buy Internet Security Systems, an all-cash deal that the company valued at $1.3 billion, or about $28 a share.

      The acquisition, the fifth largest for IBM, makes Big Blue a stronger player in the security software and services industry, a $33 billion-per-year market, the company said. Acquiring ISS also deepens IBM’s managed services and compliances businesses, the technology giant said.

      "Companies recognize that rapidly evolving security threats and complex regulatory requirements have turned security into a mission-critical priority," Val Rahmani, general manager of IBM Global Services’ Infrastructure Management division. "This acquisition will help IBM to provide companies with access to trained experts and leading-edge processes and technology to evaluate and protect against threats and enforce security policies."

      The purchase is the latest deal in a trend of consolidation in the security industry. Microsoft bought up Windows systems experts Winternals and Sysinternals.com last month and plucked antivirus firm Sybari last year. Security firm McAfee purchased online Web site evaluator SiteAdvisor earlier this year, and Symantec bought enterprise backup provider Veritas in 2004. (Symantec also owns SecurityFocus.) Earlier this year, Check Point Software Technologies had to call off its deal to buy Sourcefire after the government intervened in the acquisition.

      Internet Security Systems’ research arm, X-Force, has regularly researched and reported significant software vulnerabilities. A vulnerability in networking giant Cisco’s products and found by an ISS researcher became the center of controversy in 2005, when the researcher resigned from the company to give a presentation at the Black Hat Security Briefings in Las Vegas.

      The deal is subject to shareholder and regulatory approval and will likely close in the fourth quarter of this year.

Continue reading »