The roll of the dearly departed security companies has grown longer. TippingPoint is gone. So is Perfigo, Netegrity,...
Brightmail, @stake, Foundstone, PestPatrol and scores of other pure-play security vendors. The major players--Cisco Systems, Symantec, McAfee and Computer Associates--have been gobbling up many of their smaller competitors, acquiring their people, assets and technologies.
You'd think that enterprises would welcome this consolidation. They've long sought the elusive "one-stop" security shop, where they can buy all of their products. In some cases, these vendors would also sell their servers and desktops (H-P, Dell), network gear (Cisco), and storage (Symantec, CA). Others hoped simply for better integration of security in operating systems and applications (Microsoft).
So, it surprised me to find that some security managers are dismayed by the consolidations. While they'll get access to integrated product suites and pricing discounts, they lament not having "their guy" at the small shop to call on when they need help.
Enterprises are still living in a best-of-breed world. With the established companies, they get the security of knowing that their vendor will be in business next year. As the saying goes, "No one has ever been fired for buying Big Blue." However, enterprises look to startups, like Tenable Network Security and Skybox Security, for the innovative solutions that come with the dedicated support and attention that only a small company can provide. As a CISO of a major financial services firm told me, "I had Foundstone on my return-call list. Now, I have to deal with McAfee, and who knows if they'll see me as a person or a number."
The problem is complicated when you consider the challenge of integrating the management, support, sales and distributions of two wholly different vendors. For instance, telecom and network gear vendor Juniper Networks was used to a steady flow of large equipment orders. When it acquired firewall juggernaut NetScreen Technologies, Juniper was reportedly unprepared for the order processing and distribution requirements of the high-volume business. While it eventually smoothed out, the hiccups didn't sit well with channel partners and customers.
And the startups aren't doing themselves any favors. Many have abandoned the IPO route in favor of the acquisition exit strategy. They may still be technology incubators, but they won't build customer affinity if their chief objective is impressing would-be suitors.
The security community needs both the startups that will produce the next best technology and the one-stop shops that integrate technologies. Rapid consolidation and entrepreneurs designing companies as acquisition targets could lead to stagnation that undermines everyone's security.
Changing of the Guard
I'm pleased to announce a few changes at the TechTarget Security Media Group. Andrew Briney, who has lead the Information Security editorial team for the past seven years, has been promoted to publisher and VP of the Security Media Group, which includes the magazine, SearchSecurity.com and the Information Security Decisions conference. Former TechTarget news director Jon Panker has been named editorial director of Search Security.com, and I will serve as Information Security's editor. Our team remains committed to provide you with the best news, information and analysis. Your security is our priority.