IBM is pushing further into the on-demand delivery arena by launching its first set of security-as-a-service offerings since its acquisition of Internet Security Systems in August 2006.

Serving primarily the small and midsize business sector, the new services will be sold through the IBM ISS channels and will enable midsize companies to combat the growing threats that are impacting their businesses, according to Peter Evans, director at IBM ISS.

Previously, most SMBs saw themselves as too small to be affected by the mass malware and hacking events, he said. However, new technology has meant that automated systems are allowing malicious attacks to infect any machine automatically. “Hacking and malware are now done by ‘for profit organizations.’  The Federal Trade Commission said that online fraud and hacking is now a $100 billion industry,” Evans said. 

Click here to read more about the integration of the IBM and ISS channels.

If those hacking companies were to invest the average amount any normal firm would into research and development, they would be spending about $15 billion to $20 billion on developing new malware technology. All the security vendors in the industry spend only about $7 billion to $8 billion combined on R&D. “So SMBs are becoming more and more vulnerable,” Evans said.

The security services from IBM include vulnerability assessment services, which Evans described as a business health check, such as Express Penetration Testing Services, which emulates a network attack and provides users with a report of what steps they need to take. Also, IBM Express PCI Assessments helps SMBs understand how the PCI compliance rules affect their business and how they can become compliant.

In addition, the services include two bundled offerings: Express Multi-Function Security Bundle, which encompasses protection against worms, spyware, anti-virus and spam in a unified threat management offering; and Express Managed Multi-Function Security Bundle, which is a fully 24/7 managed security offering.

For server security, IBM launched the Express Managed Protection Services for Servers, a fully managed security service. “We also back this up with a guarantee,” Evans said.  “If the customer is hacked while under our care, we will pay the cost of the hack to their business.”

Although the solutions are also offered as on-premises offerings, Evans said IBM ISS is trying to deliver everything as a service to keep costs down for end users. “Spending on security is rising 6 percent a year,” he said. “But spending on the labor needed to manage that security is rising 11 percent a year; therefore we need to help SMBs remove some of the cost by offering solutions as fully managed services.”

All of the security services will be delivered through IBM's Express Advantage program, according to Evans.  “These are the first offerings from ISS to be branded as Express Advantage, which means they have the marketing and infrastructure behind them to make them specifically designed to be delivered through partners,” he said.