Year of non-stop consolidation in information security market

Consolidation continued at a rapid clip with the data loss prevention and Web application security markets seeing the most activity

The information security market continued to consolidate at a rapid-fire pace in 2007.

There will be lots of new little companies coming along with the next flavor du jour.
Paul Stamp,
principal analystForrester Research Inc.

Some 20 security vendors were snapped up this year, including established names like security-services firm Cybertrust, which Verizon bought in May.

While 2007 didn't see much in the way of blockbusters like last year's EMC/RSA and IBM/ISS deals, big security players such as McAfee and Symantec got bigger by gobbling up smaller fish and large infrastructure companies like EMC continued to make inroads into the security space. Even Google got into the act with its acquisitions of Postini and GreenBorder.

Two segments of the security market in particular underwent tremendous consolidation: Web application security and data loss, or leak, prevention (DLP).

In the Web application security space, IBM bought Watchfire for an undisclosed amount in June. Less than two weeks later, Hewlett-Packard bought SPI Dynamics. The deals left just one major player in that space: Cenzic. On the DLP front, Symantec's acquisition of Vontu for $350 million in November followed Trend Micro's purchase of Provilla and Raytheon's acquisition of Oakley Networks in October. In August, EMC bought Tablus.

Security acquisitions 2007:
January -- Cisco Systems/IronPort (messaging security appliances)
February -- EMC/Valyd Software (database and file encryption); Cisco/Reactivity (XML gateway security)
May – Verizon/Cybertrust (security services); Google/GreenBorder (antimalware, browser security) June – IBM/Watchfire; HP/SPI Dynamics (both Web application security); Lumension Security (formerly PatchLink)/SecureWave (endpoint security); EMC/Verid (consumer authentication technology)
July – Google/Postini (on-demand Web security)
August – EMC/Tablus (data loss prevention); Novell/Senforce (endpoint security management); VMware/Determina (host intrusion prevention); Sourcefire/Clam AV (antivirus, antimalware)
October – Trend Micro/Provilla; Raytheon/Oakley Networks (both data loss prevention); McAfee/SafeBoot (endpoint encryption); McAfee/ScanAlert (Web site security certification service)
November – Symantec/Vontu (data loss prevention); Sun Microsystems/Vaau (identity management)

The consolidation in both segments has to do with embedding security into a broader picture, said Paul Stamp, a principal analyst at Cambridge, Mass.-based Forrester Research Inc.

"With the Web application security market, it's about embedding security into the development lifecycle," he said. Symantec's and EMC's DLP deals, meanwhile, are about building security into a wider information lifecycle management system.

The DLP, or content monitoring/filtering market, likely will see continued consolidation, said Eric Ouellet, a research vice president at Stamford, Conn.-based Gartner Inc.. The technology is better suited as part of a broader solution.

"You can buy it as a standalone [product], but the value of it is how it relates to all the other elements in your enterprise," he said. For example, it can help an enterprise apply encryption more effectively.

Meanwhile, the encryption market -- a segment filled with a lot of smaller vendors -- is another area that's primed for consolidation, Stamp said. Some were already snapped up, including SafeBoot, which McAfee acquired in October and Pointsec, which was acquired by Check Point Software Technologies.

"I think there will be a wider story around the infrastructure they're trying to protect," he said, adding, "This is the type of thing that's difficult to build organically."

Overall, while smaller security vendors are acquired and market segments shrink, more companies and technologies will continue to emerge to address new security problems, experts say.

"There will be lots of new little companies coming along with the next flavor du jour," Stamp said.

Jonathan Gossels, president and CEO of Sudbury, Mass.-based security-consulting firm System Experts Corp., said he fully expects industry consolidation to continue, a trend he wholeheartedly supports. "The customer is best served, because they end up with an integrated product with fewer moving parts. It raises their effective level of security," he said.

The trend doesn't mean the end of innovation, Gossels adds: "The fact that small security firms get acquired provides incentive for people to create small companies with great ideas."

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close