This page contains a Flash digital edition of a book.
and military research. Moreover, chief information security offi cers are also more willing than other senior IT managers to buy from smaller, more specialist vendors, as they need to tackle specifi c security or data protection concerns. A customer relationship management system, or a word-processing package, may function adequately even if it is not the best. The concept of “good enough” technology, however, is harder to apply to security.


“If you look at the security market over the last few years, the top players have lost market share, despite high levels of mergers and acquisitions”, explains Ruggero Contu, a security specialist at industry analysts Gartner. “Although we have both larger and smaller companies acquiring for a number of reasons, there is also a lot of activity at the bottom of the ecosystem. “We have start-ups with new ideas, or that cater for new security requirements. In the enterprise space, for example, we have companies targeting mobility, or virtualization”, Ruggero continues. “We have consolidation, with the larger players acquiring to beef up their portfolios, or looking to expand into new markets, but there is also a lot of dynamism.”


Unique Motivations Nonetheless, the stage is set for more acquisitions in 2012. At the top end of the


market, security vendors such as Symantec are relatively cash-rich, and have a track record of growth through acquisition. Lower down, some smaller vendors are likely to fi nd it harder to raise funding for expansion or product development, pushing them toward deals with larger players. “In general, I don’t think infosec companies are built to be sold; most are built to solve a particular problem, or because they believe they offer a superior alternative solution than the status quo”, says Chris McKie, director of investor relations at vendor WatchGuard. “The fact that many are sold is usually a result of market conditions, competitive pressures, or a need to accelerate growth.” According to Bob Tarzey, at industry analysts Quocirca, security industry mergers and acquisitions tend to happen either because ideas developed by smaller vendors become of interest to the larger players, or because larger vendors are looking to gain market share. “Symantec has grown by taking market share, through buying companies in the space”, he says. Then there is the role of market consolidator being played by IT vendors that are not security specialists, but which have – or which want to have – a signifi cant security capability. EMC2


’s security


acquisitions have been about bolstering its credentials as an information management


provider, rather than a hardware security vendor. Oracle acquired some signifi cant, non-database security assets when it bought Sun Microsystems, especially in the area of access and identity management.


General Blue Chip The real driving force in recent M&A activity comes from among the generalist hardware vendors, including HP, Cisco, and Dell. HP has been building up its capabilities through acquisitions such as ArcSight. So far, HP has focused on deals that fi t with its IT management capabilities. Dell bought SecureWorks early last year, and Cisco has also been buying, as security moves further into the network layer.


“Cisco has built up security to a $1bn revenue stream”, says Quocirca’s Tarzey. “But it also has security in its devices. HP is doing the same.”


In this, the vendors are following a trend toward diversifying out of hardware, and bolstering their in-built security offerings. It is a path IBM has been following for several years.


“Our security framework is based on four dimensions: people, data, applications and infrastructure”, says Mark Van Zadelhoff, a vice president at IBM, which recently bought security vendor Q1 Labs. “Two trends favor the generalist vendor: the desire among customers to consolidate vendors, and to


Some key security deals that have shaped the industry:


40


January/February 2012


June 1998: McAfee (then Network Associates) buys Dr Solomon


December 2004: Symantec merges with Veritas June 2006: EMC2


buys RSA


August 2006: IBM buys ISS October 2008: Symantec buys Messagelabs October 2009: Cisco buys ScanSafe December 2009: Microsoft buys Frontbridge August 2010: Intel buys McAfee September 2010: HP buys ArcSight January 2011: Dell buys SecureWorks July 2011: Sophos buys Astaro


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60