I had mixed feeling with IBM's Internet Security Systems general manager, Val Rahmani, performance at RSA's CEO panel. On one hand, Rahmani was very eloquent on general topics, such as protecting smaller firms and consumers from "smart hackers", the industry consolidation and building security into the "fabric" (virtual machines, mainframes, browsers...) but very much on the defensive when it relates to ISS, a company IBM bought a year and a half ago for $1.3 billion and which has been slow to integrate.

"In terms of ISS, we're starting to integrate much more. The whole idea of buying ISS was to become, no offense to my very good friends here (CEOs from McAfee, RSA and Verisign!), the dominant player in the security space bar none... We're not subject to monopoly anymore... 25 years ago I could not have said it", says Rahmani.

More on the ISS acquisition:

"The reason we bought ISS was because of the unique combination they had of the product and the services. So hardware, software and services that all worked together... and provide a continuum of options for our customers... We started integrating it at different levels. So I talked about the announcement we made yesterday which was a research announcement about virtualisation. What better place for 2 companies to come together: a group that is got X-Force researchers, who know everything there is to know about security protection, IPS and IDS... and a group in IBM of researchers who had been working on virtualisation since the day we first invented virtualisation. So they came together at the research level... We are now linking the development level, the sales level... It's really taken in honest that year and a half to start really understanding what we each do, to start saying where do we start bringing our skills together".

... and on Chris Klaus, founder of ISS:

"Chris left before we did the acquisition. We keep in touch sometimes but he's not still with us. Still with us in spirit I hope but not physically. He's off doing new things".

Every user is going to be infected and antiviruses are not going to protect us!

"One way or another, they are going to get infected. Somebody is going to send them something down the wire or across their PC. Something bad is going to happen to every user. The soon we accept that every user is going to be infected, the sooner we're going to take the right kind of measures... Let's not assume they are going to run antivirus and that's going to protect them. Because it isn't... It is not our fault that the user is infected but it is our problem. Because if do not solve this, we are going to see the end of online shopping... We have to give our enterprises the tools to stop this... And that's what we're spending a lot of our energy thinking about right now... It's not enough as Dave (CEO of McAfee) was saying, a point product for everything just isn't going to solve this because there's always be some really smart hacker who finds his way through all of the tools. We have to think about this holistically".

Rahmani on acquisitions:

"I don't know how much more acquisitive you would have us be. We bought as IBM 12 companies in the last year. So, I think we have a little work to do just getting all of them going before we do an awful lot more. But we'll keep looking"

Virtualisation: IBM focused on securing the core of the datacentre i.e. the hypervisor, the OS.

"Virtualisation is 2 seperate pieces. One is appliance virtualisation. Virtualisation of all the different point product and pulling them together... under a common management system... The other side is what I would call data centre virtualisation which where we are really pulling together the vast number of servers... Those environments clearly have the potential either to be much more secure if we get it right or much less secure if we get it wrong. Because if somebody bad can get in that environment, it got access to awful lot of stuff through one common management system... Phantom was really about securing the hypervisor in those large scale datacentres. Where we do really need to make sure we're linking the security right in the hypervisor level".