Is Security Consolidation Coming?By Matt Hines | Posted 04-20-2006
Is Security Consolidation Coming?
Increased demand for security suites and too many anti-virus vendors could create a good brew for consolidation, said industry watchers.
While industry giant Symantec continues to broaden their portfolios with the recent acquisitions of Relicore, Sygate and WholeSecurity, smaller anti-virus companies' profits are being pinched.
And even as large players such as RSA Security have reported impressive first quarter 2006 earnings, smaller players including Entrust, Internet Security Systems and Websense have all missed their revenue projections.
On April 17, RSA reported net income of $5.3 million on revenue of $87.5 million for the first quarter ending March 31. The results topped expectations.
Smaller vendors, however, have issued profit and sales warnings. Entrust said April 6 it would report a first quarter loss with revenue of $21 million.
On April 7, ISS said its first quarter sales would fall $2 million short of estimates at $80 million. On April 5, Websense announced its financial results would fall short of Wall Street estimates with revenue of $42.3 and 42.5 million.
Couple those results with the fact there are an estimated 800-to-1,000 different companies on the global market selling IT security applications at present and consolidation is likely.
"The simple facts are that there are way too many security companies out there and we haven't seen a major virus outbreak in a while," said John Pescatore, an analyst with Gartner, based in Stamford, Conn.
"Two years ago when some of the big worms hit you saw a lot of venture capital money being thrown at a lot of different security companies, but not all of them can last."
In addition to demand for integrated security applications for centralized management, many customers are also hoping to deal with fewer vendors, said Pescatore.
He predicted that companies focused specifically on products tied to compliance with government regulations such as The Sarbanes-Oxley Act, may also see demand slip.
Another example of companies ripe for acquisition are firms which provide only one type of application, such as anti-spyware, that are now included in many software suites that aim to address many different types of malware.
"This has been coming together for some time, mostly based on the need for greater ease-of-management with all the different security point products on the market," said Charlotte Dunlap, analyst with Current Analysis, Port Washington, N.Y.
"We will see more threat protection technologies being bundled together, as with the ongoing combination of intrusion protection and behavioral security tools."
Next Page: Wall Street's take.
Wall Street also sees consolidation coming. Neel Kashkari, an investment banker in Goldman Sachs' Cupertino, Calif., offices said that there are a number of security-oriented mergers and acquisitions in the pipeline at present, driven largely by the demands of keeping up with increasingly sophisticated IT threats.
"The big vendors will buy smaller, younger companies because they need the new capabilities these firms can offer, their customers are asking for more comprehensive products and the purchases will increase their revenues," Kashkari said.
"As long as hackers come up with new ways to steal data, new technologies to defeat them will be required. Since it is difficult for bigger vendors to innovate as quickly on their own, many of these new tools will be developed at young companies."
Read the full story on eWEEK.com: Is Security Consolidation Coming?