Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, March 18, 2005

Security’s new deal

Security companies have entered a new era: Buy or be bought.

Signs of the shift have appeared in a flurry of recent deals.  Security giant Symantec is moving outside its niche with its pending purchase of storage maker Veritas Software.  On the other side, networking company Cisco Systems and software giant Microsoft have snapped up fast-growing security companies, looking to give their own growth a boost.

This push toward diversification, coming amid widespread consolidation in many areas of the tech industry, has investment bankers and analysts wondering whether companies that specialize purely in security products can continue to thrive.

“There’s a debate whether the security market (will remain) its own market, over time—or will it be subsumed into two other markets, like the communications equipment market, or the networking or systems management industry?”  said Kevin Sidders, a managing director at Credit Suisse First Boston.  Sidders heads up U.S. software efforts in the investment bank’s technology group.

Some security players say the industry will stay as is, selling standalone products such as antivirus software.  They note that network threats are evolving so rapidly that companies are continually being born to tackle the new problems.

Others, however, argue that the future of security lies in the technology being integrated at all levels of a company’s network, from the hardware to the interface, and that the recent merger-and-acquisition activity bears this out.

Rapid revenue growth in the security industry is a key factor driving the deals.  Software, services and hardware companies in the sector will pull in $52.2 billion in sales in 2008, compared with $22.8 billion in 2003, predicts market research firm IDC.

That makes those businesses attractive targets for acquirers in the networking, communications and systems management industries, among others.

Still, some say that security companies may be stronger if they provide a soup-to-nuts IT package rather than a product to be bolted onto an existing network.

“Security, ultimately, will not be a standalone market,” said one investment banker who asked to remain anonymous.  “It will just be just another layer of the infrastructure stack.  It’s no longer about just making the security products work together.”

However it’s done, the important thing for the customer is to make the technology as smooth to use as possible, said Fred Rickabaugh, chief security officer at Premier, a Charlotte, N.C.-based provider of support services to health care companies.  “I want the capability to build the ‘best of breed’ in certain areas were it’s critical,” Rickabaugh said.

In segments of the market where too few players exist to create competitive bidding, Rickabaugh said consolidation would benefit the customer by bringing one-stop shopping for multiple features.

Given this importance to customers, security businesses will wield influence.

Laura Koetzle, a security analyst with Forrester Research, said that security companies may find themselves part of a portfolio where they’re considered core to the future of the acquirer.  “Security may be more of an influence as companies become blended,” Koetzle said.

Networking companies, for example, are finding that intrusion prevention technologies need to sit on top of or next to the network, in order to keep the data moving at a fast clip.

Posted on 03/18