This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Big is the New Small
Security managers are often put in precarious corners, many times by emerging threats but, more often than not, by their budgets. Information security isn't a tangible; it's like buying insurance, CISOs are wont to say. Justifying new investments is difficult, and in the majority of cases, security managers are asked to do more with less.
"My expectation is if I spend the money on a product and it gets gobbled up by a larger company, the parent company would maintain the product and the client base long enough that the solution would still be viable," says Sander Silvera, security manager with a financial services organization. "If IBM purchases my vendor, for example, I'm hoping IBM doesn't have a competing product and it's gobbling up my vendor just so it doesn't compete with an internally grown product. If that happens, I don't know what to tell you."
Determining the long-term viability of a small security company, no matter how innovative and important its technology, is a make-or-break exercise for many organizations. Security technology isn't cheap, and if you've got an established relationship with a giant infrastructure provider that has scooped up a bevy of security assets in a flurry of M&As, you may be inclined to lean that way.
"They throw off a big shadow," Cote says of the bigger players. "Theirs is not always the best solution. One of the decision points is ease of deployment, and if you've got the infrastructure
To that end, M&A has been A-OK with some vendors that make their bread primarily outside the security industry (see "Getting Into Security," PDF). EMC made a loud splash with its RSA pickup, and IBM continues to dive deeply into the security pool. In June, IBM acquired Web application security specialist Watchfire for an undisclosed amount. The Watchfire purchase came 10 months after Big Blue spent $1.3 billion on network security company Internet Security Systems. ISS will beef up IBM's services offerings, while Watchfire's AppScan technology is likely destined for inclusion in IBM's Rational development platform. HP, meanwhile, made what some are calling a reactionary move less than two weeks after the Watchfire announcement, when it bought Web app security firm SPI Dynamics, leaving just one major player in that important niche, Cenzic (see "Is Cenzic on Borrowed Time").
Getting Into Security
Traditional IT companies have been scooping up some big information security vendors in the last 15 months.
This was first published in September 2007