Last week, IBM announced that it would acquire Internet Security Systems, Inc. (ISS), the Atlanta-based corporation that provides managed security threat solutions to thousands of companies and governments around the world. ISS has been around since 1994, when the issue of Internet security was just beginning to be a concern to network administrators.
Milk and Cookies: From Rags to Riches
The ISS story is, in great part, a tale of a kid named Christopher Klaus who, in 1991, was working as an intern at the U.S. Department of Energy. Klaus saw an opportunity to write some software that would analyze the network and identify and correct security weaknesses in the infrastructure. He started selling his Internet Security Scanner product out of his grandmother's house in 1994 at the age of 19.
One imagines Klaus' grandma serving up a batch of Tollhouse cookies with every diskette sent out the door, but this scene quickly changed as the Internet revolution exploded on the scene. Why? Because ISS went public four years later and obtained about $3 million in venture capital in 1996.
Last week, IBM said it was buying the entire organization for about $1.3 billion.
From Milk and Cookies to Internet Cookies and Network Security
The success of ISS is more than a story of a kid making a fortune. It's a story about how burgeoning technology (the Internet) begets dangerous problems (network security, viruses, etc.) that require immediate products or solutions (network monitors, anti-virus software, etc.), which subsequently evolve into commercial behemoths (ISS, Symantec, etc.). Along the way, an industry sector is built, intellectual property is created, patents and trademarks are developed, and laws are written and modified to protect those who have ridden the financial waves of change.
In this environment, eventually the market needs to get organized, and the only step forward for industry growth has to come from a global marketplace, with specific requirements for security set by governments working in unison. Without such requirements, the market remains a free-for-all for any vendor with a product.
Fortunately, ISS today has product and service offerings that cover the entire realm of IT security, and IBM has had a long-standing relationship with the company, stretching back to the first days of ISS's Internet Security Scanner product. As potential Internet threats have exploded over the last 10 years, ISS—with the help of IBM Services—has penetrated the burgeoning market with amazing aplomb. Now the scene is being set for true dominance, and that is why IBM is making this acquisition.
The Cybercrime Market
Of course, 20 years ago, public networks of the size and scope of the Internet were inconceivable to most IT or IS security administrators: The world seemed much more contained, and the steps required to protect the information assets of a corporation were better understood. Customers relied upon computer manufacturers to provide the infrastructure for security. The security architectures of computer operating systems themselves, such as the OS/400 security architecture developed for the AS/400, were well-designed to require no more than central administration. The thought that one could build a company—much less an industry sector—on a concept of protecting the network from intruders, spam, virus attacks, or the thousand other threats that we fear today seemed overly paranoid. Why would anyone build such an open public network? Why would any corporation choose to use it? Then along came Windows and the Internet!
Today, of course, it's taken for granted that we're all just a keystroke away from catastrophe, with hackers lurking just beyond our firewalls, hackers who are continually probing the network for holes in our defenses.
IBM's purchase of ISS—particularly to enhance its own Managed Security Services offerings—is a tacit acknowledgement that there is no "solution" to network security threats, but only strategies to minimize the damage. Any person with the right twist of mind can walk into the corner Radio Shack and build a device that can jam a corporate wireless network. Any person with the appropriate computer skills can develop the next catastrophic Internet virus or worm. Highly technical network devices, such as DNS routers, have been proven to be vulnerable to corruption by DNS poisoning, a process by which the entire Internet can be hijacked to redirect specific traffic to bogus sites.
It's no wonder then that the fastest-growing e-business today is not in e-retail, e-manufacturing, e-security, or even e-pornography, but is instead defined by the industry sector called—for lack of a better word—cybercrime. Cybercrime includes identity theft, bogus electronic transactions, phishing, hijacked computers running robot code for distributing spam, viruses, or other misinformation—any crime that uses a computer attached to the Internet as its primary tool.
A Market Worth Billions
The FBI estimated that cybercrime cost citizens and corporations about $400 billion in 2004. (Estimates are still not available for 2005, but it's doubtful that the amount has decreased.) According to a report commissioned by the anti-virus giant McAfee, prior to 2000, cybercriminals acted alone in committing the majority of cybercrimes, usually in an attempt to attain notoriety within the cyber world. However, since 2000, there's been a shift: Organizations of criminals have entered the budding cybercrime industry.
However, as previously reported in this publication on July 31 in "Fear, Uncertainty, and Doubt About Global IT Security," knowing that a cybercrime has occurred is very different from getting law enforcement agencies to react. And while the act of reporting cybercrime has become more accepted by corporations, the international flavor of the Internet has made enforcing the laws incredibly difficult.
However, perhaps the tide has begun to turn.
The International Convention on Cybercrime
On August 14, 2006, the U.S. Senate signed onto the International Convention on Cybercrime at the prodding of the Bush Administration. This convention is the first treaty on computer-related crime and the collaboration of electronic investigation. Participating countries are required to target activities that include computer intrusion, computer-facilitated fraud, the release of worms and viruses, child pornography, and copyright infringement. Fifteen European nations—including Albania, Denmark, France, Norway, and the Ukraine—have fully ratified the final document. The U.S. has only just signed on, even though negotiations for the treaty began in 1997 after the Council of Europe established the need for global cooperation to combat cybercrime.
Of course, election year politics in the U.S. always inspires our representatives to go on record for important law enforcement legislation. But still, it's somewhat interesting that this particular administration can dismiss other global accords (e.g., the United Nations Framework Convention on Climate Change, also known as the "Kyoto Protocol," which was also negotiated in 1997) as detrimental to the U.S. economy, yet will embrace the International Convention on Cybercrime. The irony is this: Should cybercrime actually be effectively controlled through the convention, it would directly impact the economy of the new IT industry sector that currently creates products and services to combat it, an industry sector that generates billions in revenue each year for the U.S. economy.
Did IBM Pay Too Much?
Clearly, the act of ratifying a treaty won't, in and of itself, catch a single criminal. But it's a positive step toward maturing the cybercrime industry sector, and IBM is now positioned to better engage this growing market with its purchase of ISS.
But did IBM pay too much for the company? A little financial perspective might be in order here. Considering that cybercrime is, at latest available estimates, generating $400 billion in illicit revenues, the market is certainly hot for remedies—if not complete solutions. If IBM spent $1.3 billion for ISS, could we draw a comparison to the value of any other security organization that is snooping around for criminals?
How about the Federal Bureau of Investigation, the good old FBI!
This year's budget for the entire FBI is only about six times larger at $7 billion. When you consider that the FBI has never operated in the black, the ISS purchase might seem like quite a bargain!
Or did I get my numbers wrong somewhere?
Thomas M. Stockwell is Editor in Chief of MC Press Online, LP.