The information security market continued to consolidate at a rapid-fire pace in 2007.
Some 20 security vendors were snapped up this year, including established names like security-services firm Cybertrust, which Verizon bought in May.
While 2007 didn't see much in the way of blockbusters like last year's EMC/RSA and IBM/ISS deals, big security players such as McAfee and Symantec got bigger by gobbling up smaller fish and large infrastructure companies like EMC continued to make inroads into the security space. Even Google got into the act with its acquisitions of Postini and GreenBorder.
Two segments of the security market in particular underwent tremendous consolidation: Web application security and data loss, or leak, prevention (DLP).
In the Web application security space, IBM bought Watchfire for an undisclosed amount in June. Less than two weeks later, Hewlett-Packard bought SPI Dynamics. The deals left just one major player in that space: Cenzic. On the DLP front, Symantec's acquisition of Vontu for $350 million in November followed Trend Micro's purchase of Provilla and Raytheon's acquisition of Oakley Networks in October. In August, EMC bought Tablus.
The consolidation in both segments has to do with embedding security into a broader picture, said Paul Stamp, a principal analyst at Cambridge, Mass.-based Forrester Research Inc.
"With the Web application security market, it's about embedding security into the development lifecycle," he said. Symantec's and EMC's DLP deals, meanwhile, are about building security into a wider information lifecycle management system.
The DLP, or content monitoring/filtering market, likely will see continued consolidation, said Eric Ouellet, a research vice president at Stamford, Conn.-based Gartner Inc.. The technology is better suited as part of a broader solution.
"You can buy it as a standalone [product], but the value of it is how it relates to all the other elements in your enterprise," he said. For example, it can help an enterprise apply encryption more effectively.
Meanwhile, the encryption market -- a segment filled with a lot of smaller vendors -- is another area that's primed for consolidation, Stamp said. Some were already snapped up, including SafeBoot, which McAfee acquired in October and Pointsec, which was acquired by Check Point Software Technologies.
"I think there will be a wider story around the infrastructure they're trying to protect," he said, adding, "This is the type of thing that's difficult to build organically."
Overall, while smaller security vendors are acquired and market segments shrink, more companies and technologies will continue to emerge to address new security problems, experts say.
"There will be lots of new little companies coming along with the next flavor du jour," Stamp said.
Jonathan Gossels, president and CEO of Sudbury, Mass.-based security-consulting firm System Experts Corp., said he fully expects industry consolidation to continue, a trend he wholeheartedly supports. "The customer is best served, because they end up with an integrated product with fewer moving parts. It raises their effective level of security," he said.
The trend doesn't mean the end of innovation, Gossels adds: "The fact that small security firms get acquired provides incentive for people to create small companies with great ideas."