Internet Security Systems, Inc. (ISS) (ISSX)
Interview with: Thomas Noonan, Chairman, President and CEO
Business News, Financial News, Stocks, Money & Investment Ideas, CEO Interview
and Information on their
RealSecure® security software that provides information protection solutions dedicated to protecting online assets.

Cover Story

Index &

Current Issue



and Reports





Contact & Ordering

"To print this page go to file and left click on print"

Internet Security Systems intrusion protection system RealSecure® goes beyond traditional antivirus and firewall

wpe52.gif (4824 bytes)

Security Management Software

Internet Security Systems, Inc. (ISS)

6303 Barfield Road
Atlanta, GA 30328
Phone: 414-236-2600

wpe5A.gif (48367 bytes)

Thomas Noonan
Chairman, President and
Chief Executive Officer

Interview conducted by:
Lynn Fosse
March 2003

Bio of CEO,
Thomas E. Noonan, President, Chairman & Chief Executive Officer. Noonan is responsible for the overall strategic direction, growth and management of Internet Security Systems. He launched the company in 1994, along with Christopher W. Klaus, and has led Internet Security Systems to the preeminent position in the network security industry. Prior to joining Internet Security Systems, Noonan held senior management positions at Dun and Bradstreet Software. Tom holds a mechanical engineering degree from the Georgia Institute of Technology and a business degree from Harvard University.

Company Profile:
Internet Security Systems, Inc., (NASD: ISSX) incorporated in 1997, is a security software company providing information protection solutions dedicated to protecting online assets. The company's security management solutions include software products, managed security services and professional services that are made up of both consulting and training services. The company offers a comprehensive line of products and services for enterprise, small enterprise, consumer and service provider customers. The company provides security management solutions in three geographic areas: the Americas (United States, Canada and Latin America), which accounted for 71% of total revenues in 2001, EMEA (Europe, Middle East and Africa), which accounted for 15% of total revenues in 2001 and Asia/Pacific Rim, which accounted of 14% of total revenues in 2001.

The company’s RealSecure® Protection System™ provides integrated, centrally managed vulnerability assessment, intrusion detection and response, and security decision-support to protect enterprise networks, servers and desktops. This solution integrates intrusion detection and response, vulnerability assessment, policy compliance and data collection and analysis, all coordinated through the RealSecure SiteProtectorÔ centralized management structure. RealSecure Network Protection provides a wide range of specialized protection sensors for networks and gateways, all tightly integrated into a centralized operational and management framework.

BlackICE™ software applications deliver straightforward, easy-to-use desktop (personal computers),
firewall and server intrusion protection and malicious code blocking solutions for small offices, home offices and consumers. Their Internet Scanner®, System Scanner®, Database Scanner™ and Wireless Scanner™ audit and assessment applications ensure the availability, integrity and confidentiality of mission-critical online assets. These award-winning products provide comprehensive evaluation of current security status across networks, servers and applications, for both fixed and mobile network environments.

Internet Security Systems' X-Force™ knowledge services organization is dedicated to proactive counter intelligence and public education against online threats. X-Force researches security issues, tracks the evolution of threats through ISS' Global Threat Operations Center, and brings new threat management solutions to market through managed security services, professional services consulting, X-Force Education Services, emergency response, X-Press Update™ product enhancements and comprehensive customer support. The company's services include managed intrusion protection service, managed firewall service, high-availability managed firewall service, client VPN service, managed site-to-site VPN service, managed anti-virus service, managed remote scanning, managed Web filtering and managed security services customer portal.

CEOCFOinterviews: Mr. Noonan, why was Internet Security Systems formed? What is your vision?

Mr. Noonan: “Internet Security Systems was formed to effectively protect distributed systems and networks that were interconnected by a vast public network. At the time, the Internet was a technical concept, not necessarily the enabler that we know today. Our vision was to build a dynamic protection system that could detect threats of all kinds, which would compromise the integrity, security and availability of an Internet-worked system. That could be a desktop, a server, a network, etc. Our vision and our passion has been focused toward developing this core technology that would give businesses the ability to protect regardless of the threat on their systems or where they may be geographically.”

CEOCFOinterviews: How are you doing that?

Mr. Noonan: “We have a very innovative approach. The industry generally credits ISS with the invention of two core technologies; one of them is intrusion detection  (IDS) and the other is vulnerability assessment (VA). These two technologies dynamically detect threats to distributed systems. Most of us grew up with an anti-virus program and were protected when the only threat was a virus on a distributed system. Today, there are threats of all kinds. You could look at our technology as the next generation of firewall and anti-virus technology. However, they are vastly different because of the dynamic nature of these systems.  ISS products have the ability to detect, block and prevent threats of all kinds, which is economically very exciting to businesses.

A typical computer that we protect, using the old model of security would require anti-virus, firewall, and intrusion-detection technology.   ISS is pioneering a system that performs like all of those systems, but does it as a single agent. In addition, it has the ability to detect and prevent new unknown threats. Users have to continually update anti-virus technology with an adaptable dynamic protection engine. With our system you have the ability to stop threats of all kinds, while enforcing a consistent corporate policy across all computing systems in a corporation or entity.”

CEOCFOinterviews: Please tell us a little about how you provide this protection through your product offering.

Mr. Noonan: “Three fundamental and unique assets here at ISS allow us to provide this level of protection. The first is a group of researchers known in the industry as the X-Force™, who are fundamentally researching threats and vulnerabilities on the Internet on a 24/7 basis. This is a very advanced research group that is extremely sophisticated in their ability to understand, track, monitor and define threats on the Internet and make sure that our systems, which we call RealSecure®, is updated with the latest capabilities to stop those threats.

When we built this software protection agent, we envisioned the equivalent of a security guard working inside a house or a building. We decided it had to be dynamic, active and know what is happening at all times on the system. It also has to recognize the difference between naughty and nice, enforce nice and prevent naughty. The technology that we are using is extremely automated and extremely dynamic, in that it is monitoring the applications, networking services, operating systems, content coming in and out, and connections to and from the system to enforce good policy. We hold a number of patents on this technology, which is a core innovative part of our business.

The third way we are able to protect customers is by providing companies around the world managed security services from security operation centers located in the U.S., Europe, Asia and South America. We have an comprehensive network of security experts monitoring customers’ networks and preventing malicious activity from compromising the integrity and availability of their systems.  ISS does that through our security monitoring systems. The information that we glean on a daily basis is a competitive advantage for us because we see in ‘real- time’ new ways hackers compromise networks and are able to use that information as a renewable source of intelligence to make our products  ‘smarter’ and more sophisticated.”

CEOCFOinterviews: Sounds like an interesting business model.

Mr. Noonan: “We really have a unique business model; if you look at our P&L, we are about 50% software and 50% recurring services. Our customers look to us for significantly more than technology but also to help them solve very complex security problems they are faced with in this distributing computing environment.”

CEOCFOinterviews: Do you license your software?

Mr. Noonan: “Yes, we license the software to our customers.  It physically resides on desktops, servers and network segments. That licensed software can be monitored and managed internally by the customer; a big enterprise might choose to set up their own security operation center within their company. On the other hand, there are thousands of companies that don’t have security expertise and they can’t afford to build a security operation center within their company. We provide that security monitoring for them on a 24/7 by 365 basis. The business model of this company is two foundational bricks - a protection system, which is the software-licensing model, and managed security services, which is the subscription annuity model.”

CEOCFOinterviews: Are companies migrating more towards the managed solutions?

Mr. Noonan: “It is the fastest growing part of our business today. We are adding literally thousands of customers a year. Many of our customers have said to us “you are the security experts, you can do this cheaper and more effectively.” Very few of our customers are in the security business; this allows us to leverage our unique expertise and solve the customer’s problem.”

CEOCFOinterviews: Is your service guaranteed?

Mr. Noonan: “One of the things about security, both in the physical world and in the network world, is that there is no silver bullet and there is no 100% solution to security.  What you are trying to do is manage risk. We guarantee our service level agreements. A critical element of our customers business is to monitor and respond to threats, which is where they are focused.”

CEOCFOinterviews: What do you think the market needs to understand as you look to increase your share?

Mr. Noonan: “We have seen a lot of change as security has become more important to businesses being confronted with security problems associated with Internet-connected businesses. Typically, we will work with large- or medium-sized companies who deploy RealSecure across the enterprise. Because the software agents touch every desktop and every server, many of our customers are in implementation for anywhere from six months to eighteen months, depending upon how large the project is. With smaller companies, providing protection just in a simple gateway provides a great value.

As we look to grow our market share, one of the things we are extremely pleased about is the fact that the mainstream market is beginning to truly understand and adopt these technologies by purchasing security for the first time. They have a choice; they can go with the traditional ‘legacy’ approach, which is very expensive and less effective against today’s Internet threats; that means buying stand-alone, anti-virus, firewall, and other types of legacy technology; or they can take a more current approach, which is to look at a RealSecure® Protection System. Not only does ISS’ software system deliver great benefits to them it gives them the ability to outsource the time-consuming and complex activity associated with monitoring your network and responding to threats.”

CEOCFOinterviews: Is it more costly to implement your system?

Mr. Noonan: “Absolutely not! It is less costly. One of the key drivers of the adoption of the RealSecure® protection technology has been the reduced total cost of ownership demonstrated everywhere it has been implemented. There is less software to implement and manage, which reduces time and complexity. With a common management console that literally sees every aspect of your security geographically in the system and the world, requires less management tasks.

RealSecure® gives you the ability to enforce policy immediately through a simple policy management system. Our customers operated effectively through Code Red, which took down the Internet last year, because they were able to change a policy in the system that blocked that particular threat immediately. It is a very cost effective approach, in fact I think it will be the economics that drives this as much as the technological innovation.”

CEOCFOinterviews: How do you reach potential customers?

Mr. Noonan: “Reaching potential customers is obviously one of the challenges for every business. We have an unfair advantage in many ways in that our company has been closely associated with the development of this pioneering technology. In fact, we are considered the inventors of it. We have been able to leverage our reputation as a competent, trusted security advisor in the large enterprises that we serve around the world. Today, we serve somewhere in the neighborhood of twelve thousand, large and elite enterprise companies, so the challenge has gone beyond that.

Getting into the mainstream market requires us to repackage our products and price in a way that we have not typically done  for the large and elite enterprise marketplace. Our challenge is our brand awareness in the mainstream market, and the availability of our products and services through distribution channels from which they are accustomed to buying. Lastly is the challenge of scaling our business to accommodate tens of thousands of middle-market and mainstream customers, who are now beginning to adopt this technology.”

CEOCFOinterviews: So there is plenty of room for growth here?

Mr. Noonan: “Absolutely! We are on the front-end of a very large horizontal market opportunity.”

CEOCFOinterviews: Are acquisitions or joint ventures a part of your growth strategy?

Mr. Noonan: “Acquisitions have always been within our strategic purview. In fact, since 1995, ISS has acquired very strategically to gain specific pieces of technology that we felt were core, enabling technologies that complement the base protection system that we have built . We haven’t typically gone out and acquired companies with revenue; we have typically acquired very interesting sophisticated technology. We have done five or six acquisitions and have integrated them effectively into the company’s product line. Moving forward, we will continue to do so.

CEOCFOinterviews: Are governments, both U.S. and others major customers of yours?

Mr. Noonan: “The U.S. Federal government is a very large customer for Internet Security Systems, both in the defense and civilian side of the business. That is not limited to just the U.S. government; we do a lot with state governments today for Homeland Security, forcing first responder requirements down to the state level. The state business is expanding very quickly. ISS is known the world over as a company that serves government interests.  In fact, today we serve about thirty-seven of the worlds governments with our protection systems.”

CEOCFOinterviews: Can you envision a time when insurance companies might require protection like yours or give reductions to their customers who have this protection?

Mr. Noonan: “The insurance companies, who are entirely focused on risk-management profiles and business, are actually getting very active in this area. A good example is Tokio Marine and Fire Insurance CO., LTD, in Tokyo. They provide policies that are significantly reduced in terms of the over-all premiums if ISS is monitoring their networks and providing security. The same is true here in the U.S. with Marsh & McLennan Companies (NYSE: MMC), as well as AIG (American International Group, Inc. (NYSE: AIG), who are also providing deep discounts to their business risk insurance to companies that partner with ISS. In many cases, the reduction in premiums is significantly beyond the cost of the overall service for the year. There is almost an immediate ROI toward doing it, on top of having the  benefit of enhanced security.”

CEOCFOinterviews:  Tell me about your core values, as featured on your website.

Mr. Noonan: “The core values for the company were actually developed and put on a piece of paper in1995, and they are something that is very important to me.  Building this business has been much more than building four walls; it’s been about bringing together visionary, passionate people with a profit motive and a competitive desire to deliver something to the world that has never been done before.

The company’s culture and core values are critically important to scaling this business to realize our vision to be the world’s most widely respected and trusted security company in the cosmos, and that is what we come to work everyday to do. Our core values are about working together as a team because nobody can do it alone.  Learning, empowerment, guarding the company’s resources and being frugal -- that is who we are. The company will change in many aspects, but the core values are the glue that hold us together; we continue to talk about those and live by them within our employee base as a way to consistently create an environment that was one of the founding principles.”

CEOCFOinterviews: In closing, what would you like to say to shareholders and future investors?

Mr. Noonan: “First of all, the opportunity for competent security companies is enormous.  The world is not becoming any kinder or gentler - it is a perfectly horizontal market. Businesses are becoming more dependent on the use of computing systems; and critical infrastructure, meaning our banking, transportation, oil and gas distribution, and emergency services, are dependent upon a safe and uninterrupted Internet. Our goal is to stay agile and ahead of our competition while being a trusted partner to our customers.  Potential is almost unlimited and we think we are well on our way.”

We have been together as a team for nine years, we have demonstrated staying power, and we are profitable. Profit will remain a core driver of this company. We are innovative; we were just recently recognized by Gartner and IDC as the market leader four years in a row.   We are committed; this is not a flash-in-the-pan. We are nine years focused on solving an enormous problem for our customers. I think if I had to leave our investors and shareholders with one thing, it would be for them to look at us and see that we are growing and have a tremendous opportunity. We are both competent and confident that we can seize that opportunity for our shareholders, our customers and employees.”


© – Any reproduction or further distribution of this article without the express written consent of is prohibited. does not purchase or make
recommendation on stocks based on the interviews published.