Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

IBM is pushing further into the on-demand
delivery arena by launching its first set of security-as-a-service offerings
since its acquisition of Internet Security Systems in August 2006.

Serving primarily the small and midsize business sector, the new services will
be sold through the IBM ISS channels and will
enable midsize companies to combat the growing threats that are impacting their
businesses, according to Peter Evans, director at IBM

Previously, most SMBs saw themselves as too small to be affected by the mass
malware and hacking events, he said. However, new technology has meant that
automated systems are allowing malicious attacks to infect any machine
automatically. “Hacking and malware are now done by ‘for profit organizations.’ 
The Federal Trade Commission said that online fraud and hacking is now a $100
billion industry,” Evans said. 

Click here to read more
about the integration of the IBM and ISS channels.

If those hacking companies were to invest the average amount any normal firm
would into research and development, they would be spending about $15 billion
to $20 billion on developing new malware technology. All the security
vendors in the industry spend only about $7 billion to $8 billion combined on
R&D. “So SMBs are becoming more and more vulnerable,” Evans said.

The security services from IBM include
vulnerability assessment services, which Evans described as a business health
check, such as Express Penetration Testing Services, which emulates a network
attack and provides users with a report of what steps they need to take. Also,
IBM Express PCI Assessments helps SMBs
understand how the PCI compliance rules affect their business and how they can
become compliant.

In addition, the services include two bundled offerings: Express
Multi-Function Security Bundle, which encompasses protection against worms,
spyware, anti-virus and spam in a unified threat management offering; and
Express Managed Multi-Function Security Bundle, which is a fully 24/7 managed
security offering.

For server security, IBM launched the
Express Managed Protection Services for Servers, a fully managed security
service. “We also back this up with a guarantee,” Evans said.  “If
the customer is hacked while under our care, we will pay the cost of the hack
to their business.”

Although the solutions are also offered as on-premises offerings, Evans said
IBM ISS is trying to deliver everything as a
service to keep costs down for end users. “Spending on security is rising 6
percent a year,” he said. “But spending on the labor needed to manage that
security is rising 11 percent a year; therefore we need to help SMBs remove
some of the cost by offering solutions as fully managed services.”

All of the security services will be delivered through IBM’s
Express Advantage program, according to Evans.  “These are the first
offerings from ISS to be branded as Express Advantage, which means they have
the marketing and infrastructure behind them to make them specifically designed
to be delivered through partners,” he said.