Security's new deal By Dawn Kawamoto http://news.com.com/Securitys+new+deal/2100-7350_3-5624251.html
Story last modified Fri Mar 18 04:00:00 PST 2005 Security companies have entered a new era: Buy or be bought. Signs of the shift have appeared in a flurry of recent deals. Security giant Symantec is moving outside its niche in a megamerger with storage maker Veritas Software. On the other side, networking company Cisco Systems and software giant Microsoft have snapped up fast-growing security companies, looking to give a boost to their own growth. This push toward diversification, coming amid widespread consolidation in many areas of the tech industry, has investment bankers and analysts wondering whether companies that specialize purely in security products can continue to thrive. "There's a debate whether the security market (will remain) its own market, over time--or will it be subsumed into two other markets, like the communications equipment market, or the networking or systems management industry?" said Kevin Sidder, a managing director at Credit Suisse First Boston, who heads up U.S. software efforts in the investment bank's technology group. Some security players say the industry will stay as is, selling standalone products such as antivirus software. They note that network threats are evolving so rapidly that companies are continually being born to tackle the new problems. Others, however, argue that the future of security lies in the technology being integrated at all levels of a company's network, from the hardware to the interface, and that the recent merger-and-acquisition activity bears this out. Rapid revenue growth in the security industry is a key factor driving the deals. Software, services and hardware companies in the sector will pull in $52.2 billion in sales in 2008, compared with $22.8 billion in 2003, predicts market research firm IDC. That makes those businesses attractive targets for acquirers in the networking, communications and systems management industries, among others. It also reminds some security companies that they may be stronger as a provider of a soup-to-nuts IT package than of a product to be bolted onto an existing network. "Security, ultimately, will not be a standalone market," said one investment banker who asked to remain anonymous. "It will just be just another layer of the infrastructure stack. It's no longer about just making the security products work together." However, it's done, the important thing for the customer is to make the technology as smooth to use as possible, said Fred Rickabaugh, chief security officer at Premier, a Charlotte, N.C.-based provider of support services to healthcare companies. "I want the capability to build the 'best of breed' in certain areas were it's critical," Rickabaugh said. In segments of the market where too few players exist to create competitive bidding, Rickabaugh said consolidation would benefit the customer by bringing one-stop shopping for multiple features. Given this importance to customers, security businesses will wield influence. Laura Koetzle, a Forrester security analyst, said that security companies may find themselves part of a portfolio where they're considered core to the future of the acquirer. "Security may be more of an influence as companies become blended," Koetzle said. Networking companies, for example, are finding that intrusion prevention technologies need to sit on top or next to the network, in order to keep the data moving at a fast clip. Last year, router maker Juniper Networks said it will acquire NetScreen Technologies in a $4 billion agreement that will bring it technology for virtual private networks and firewalls. And last December, 3Com announced a $430 million purchase of intrusion prevention specialist TippingPoint Technologies. Prospective buyers are also interested in anti-spyware companies and providers of security technology for devices and computers used by workers, said Anton Papp, vice president of information technology at investment bank Montgomery ' Co. Activity in the other direction--security companies buying outsider their niche--is rarer, but still happening. Symantec's merger with Veritas, a slower-growing storage company is a case in point, expanding the security company's reach into the broadly defined systems management industry. "Symantec is seeing their profit margins and market squeezed by IBM, Microsoft and Cisco, which are entering the security market, so they had to diversify," Papp said. Hold the autopsy Don't look for the demise of the security industry just yet, some industry observers countered. The trend toward absorbing and being absorbed hasn't been going on long enough to tell whether it's a real shift yet. "(We're) still a year or two off from determining whether this hypothesis is real," Credit Suisse First Boston's Sidder said. "Once it's determined its real, then it will take another three-to-four years to become ingrained in the industry." Tying the knot The growing importance of security in the office and home has sparked a shower of deals. The price of acquisition could also temper the speed of the shift. About 30 security companies have a market capitalization of at least $50 million--a rise from six to 10 such businesses seven years ago, Sidder said. And because this industry is viewed as high growth, most security companies are content to build out their business, rather than hang out a "for sale" shingle. "Security companies are bought, not sold. It's such a hot space," Papp said. Not all of the buying activity is taking security companies beyond that market. Some companies are firmly holding onto the concept of remaining independent and focused solely on purely protective products, even while they make acquisitions. McAfee bought digital security company Foundstone to bolster its security product line--like its other recent purchases, the target was another security vendor. In addition, Check Point Software Technologies has largely grown its business through internal efforts, with the exception of the Zone Labs acquisition in late 2003. Richard Stiennon, vice president of threat research at Webroot Software, puts himself in the camp that believes a standalone security industry is here to stay. "New security companies are starting all the time to deal with a specific specialization," Stiennon said. "Five years ago, there were no antispam companies or anti-spyware companies. I don't think that will change." Copyright �1995-2005 CNET Networks, Inc. All rights reserved. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
