IBM's purchase of Internet Security Systems (ISS) last week is causing concern among ISS customers over the future of its security products and services.

IBM agreed to buy the company in an all-cash deal worth $1.3 billion - the largest acquisition for IBM since it bought PricewaterhouseCoopers for $3.5 billion in cash and stock in 2002.

ISS is a provider of network security products and managed security services, and sells a range of intrusion-prevention, intrusion-detection and so-called unified threat management appliances. It made $300 million in revenue in 2005.

Bob Hartland, director of IT services at Texas-based Baylor University and a longtime ISS user, said he's taking a wait-and-see approach to the proposed acquisition. With IBM's focus on services, Hartland said, it is unclear how long the company will sell standalone ISS products before forcing users to sign up for service contracts.

The university has "thoroughly enjoyed" its relationship with ISS, he said, but is now concerned about whether Baylor can maintain that bond with the much- bigger IBM.

Some ISS customers are likely to be upset at the company's "loss of independence as a standalone vendor," said Forrestor analyst Paul Stamp. "There are some who likely chose ISS because they valued their independence from a larger company whose No. 1 priority isn't necessarily security."

Eric Latalladi, vice president and chief technology officer at J.B. Hanauer, a financial services company and ISS user, also expressed such concerns. "I don't always like dealing with 800-pound gorillas," said Latalladi, adding that it is unlikely his company will get the same level of attention from IBM as it received from ISS.

Val Rahmani, IBM's general manager of infrastructure management services, said the acquisition will help IBM deliver a range of "pre-emptive" and "scalable" products while bolstering the company's slate of managed security offerings.

Gartner analyst John Pescatore said he expects IBM to easily take advantage of the ISS managed services business, but he speculated about the future of the security products. "IBM acquiring the managed services part of ISS makes sense," Pescatore said. But the addition of a full range of network security products makes little sense. "IBM is really strong in the ID and access management side of security, and that is totally different from network security," he said.

Moreover, the addition of the products will place IBM in direct competition with well-established vendors of network security offerings, such as Cisco, Enterasys and Juniper, said Pescatore.

"The Proventia stuff is sort of a throwaway in this deal," said Jon Oltsik, an analyst at Enterprise Strategy Group. "Other than the existing installed base, it is a small piece of the deal."

When the deal is completed, ISS's operations will become part of IBM Global Services, and its software products will be integrated with IBM's Tivoli management suite.