This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
Security managers are asking pure-play vendors questions about their viability.
It was difficult to tell whether Art Coviello's tan was from the sun or whether he was just flush with cash. It was the dead of February in San Francisco and there was the leader of RSA Security telling attendees at his company's namesake conference that the standalone security market would be extinct by the end of the decade. "The value of security as a standalone solution is diminishing," he said from the keynote pulpit.
Almost immediately from more than one corner of the vast auditorium hall you could hear snickering: "Easy for you to say, Art, since you've just been acquired."
EMC's $2.1 billion acquisition of RSA in June 2006 epitomizes the type of consolidation in the security market that continues today. Security companies are attractive acquisition targets for large infrastructure players like EMC, which plans to integrate RSA's authentication and encryption capabilities horizontally across its storage and data management portfolio.
It's not a stretch to think Coviello may be correct about consolidation on some levels. With 700 companies scratching and clawing, sometimes in the smallest niche spaces, for every available dollar, there isn't room for all of them. Innovative standalone security vendors are turning into sitting ducks for bigger buyers. Will best-of-breed, point-solution protection eventually dissolve into a mashup of suites
Some security managers hold out hope that isn't the case.
"A lot of the startups are venture-funded, and innovation is really with smaller companies," says Patrick A. Cote, information security officer for educational publisher Houghton Mifflin. "I think, the more mergers that happen, the more startups you'll see because the money is there; it's VC-backed. [Venture capital firms] have a better understanding of the marketplace than some of the big companies."
This was first published in September 2007