Huffy Duffy?
By Pat GRAY
Well, it's official. Internet Security Systems has been snapped up by IBM, and the acquisition has closed. Analysts say it's a good fit for the most part -- it'll help Big Blue jump into the managed services business.
But they're not sure if ISS's products make so much sense for IBM, which has a fairly ordinary track record in selling network kit.
An interesting side note to this whole thing, which didn't make it to the story I filed for yesterday's Age and Sydney Morning Herald newspapers, is that defining what a 24X7 security operations centre is can get tricky.
ISS CEO Tom Noonan told me during a phone interview that the opening of ISS's shiny new security operations centre (SOC) in Brisbane last week will make it easier to sell monitoring services to Australian enterprises that don't want to see information about their networks passing before foreign eyes.
Staff at ISS SOCs monitor logs from networking equipment like intrusion detection systems.
But later, when I interviewed Kim Duffy, ISS's Australian MD, he got a little cagey on whether the Australian centre is a 24X7 SOC. He said it had a 24X7 "capability" and was a part of a "global, 24X7 network", before eventually conceding that the Brisbane centre would not be staffed around the clock.
He also got very huffy. When pressed for an actual answer to the question I was asking ("Will the centre be staffed around the clock?"), his response was: "Well if you're writing an aggressive story about this then I don't care to discuss it."*
He then went on to explain his reluctance in answering was due to security measures: nasty hackers could read about the SOC's limited hours of operation in the paper and start attacking his clients after hours. Strange reasoning, but whatever.
But the question is this: how can Noonan say keeping client network data in Australia is a selling point while the Brisbane SOC is only manned during office hours? Are CSOs signing up for "business hours only" SOC services? It wouldn't be the end of the world; having business hours monitoring is still quite useful because it means network data is being eyeballed at regular intervals, minimising the window for attackers. But still, most enterprises prefer a 24X7 service.
ISS does indeed have a 24X7 monitoring capability, with many SOCs all over the world, and the addition of an Australian centre is great news. Why the company is reluctant to describe it as what it is -- a new centre that's meshed into a global network of monitoring stations that doesn't even NEED to be manned 24X7 -- is a mystery. Why CSOs are reluctant to have their network logs analysed by staffers at other ISS centres around the globe is an even bigger mystery.
* In the past I've been assigned to write some stories (here and here, for example) about ISS that were hardly glowing, so the huffiness is understandable.
Patrick Gray is an IT security expert, so we can't show you his face for your own protection. Each week he delves into technology's dark underbelly to see what lurks in the shadows.