October 2, 2006 4:00 AM PDT

Security firms jump in the acquisition pool

A correction was made to this story. Read below for details.

The fish are jumping in the IT security industry.

In recent months, the sector has seen several billion-dollar buyout deals. That has created a feeding frenzy among would-be acquisition targets, roiling the industry's waters.

In June, storage giant EMC announced a $2.1 billion megamerger with RSA Security. In August, IBM announced plans to spend big money in the security arena, with a $1.3 billion buyout deal of Internet Security Services. And EMC last month snapped up Network Intelligence for $175 million.

"Security has gone from a 'nice to have' to a 'must have,' and corporate board rooms across America are spending millions to solve the problem," said Peter Kuper, an analyst at Morgan Stanley.

Driving the changes, in part, are new regulatory compliance issues and a desire by customers to deal with fewer vendors, investment bankers and analysts say. In addition, system management and networking companies are active buyers of this technology, as they seek to embed security into their systems or applications.

"The consolidation is happening now, but security will remain in silos until there is full integration of products, and that will take some time," said Ranjini Chandirakanthan, an analyst at ThinkEquity Partners.

She added it can take up to five years for new products to be developed and released.

Hot sectors
Security sectors that have particularly caught buyers' eyes include companies that prevent data leakage, as well as those that tackle identity theft, Chandirakanthan noted.

Encryption technology, intrusion prevention systems, electronic data security and compliance driven applications are also gaining attention from prospective buyers, said Ian MacLeod, managing director of investment banking for Goldman Sachs.

"Security has gone from a 'nice to have' to a 'must have,' and corporate board rooms across America are spending millions to solve the problem."
--Peter Kuper, analyst, Morgan Stanley

Regulatory issues, such those relating to the Sarbanes-Oxley Act, are also helping to drive the security deals. Customers want to have a smaller set of vendors accountable if their technology fails to keep information secure and in compliance with regulations--and large systems and storage companies have the financial clout to act as consolidators.

"They have the ability to do the potential M&A (mergers and acquisition) deals in cash, or are large enough to do them with stock, or a combination of both," MacLeod said.

Midsize security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal, Kuper said.

Prior to their acquisition announcements, ISS and RSA Security, for example, had long been rumored to be potential buyout candidates.

Other names analysts point to on a short list of potential targets include Trend Micro, Check Point Software Technologies, McAfee and Secure Computing. These are companies that are too small to be a soup-to-nuts security provider, but too large to be a niche player, analysts and bankers noted.

Stuck in the middle
Companies like these are considered midtier players--a position that puts them at a disadvantage, analysts said.

"On one side, you have companies like Cisco (Systems) and Microsoft that will discount the price they charge for security, and on the other side, you have the best-of-breed (niche security) companies," Kuper said. He noted that mid-sized security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal.

Stocks in these companies are down by roughly 10 to 20 percent from year-ago levels, except for Secure Computing, which is down by nearly 60 percent. By comparison, the tech-heavy Nasdaq is up by more than 5 percent.

"McAfee would be a target, had it not been for its consumer business. Buyers don't want the consumer side, so maybe it could take the consumer piece private and sell the enterprise business," said one security analyst, who requested anonymity.

McAfee, meanwhile, has been busy snapping up more security companies, in a likely bid to increase its critical mass and become a one-stop player.

And over the past two years, speculation has periodically flared up on Wall Street that Cisco would acquire antivirus software maker Trend Micro. Networking giant Cisco, which has been a longtime buyer of security businesses, expanded its relationship with Trend Micro last year, as part of its Adaptive Threat Defense initiative.


Correction: Due to incorrect information provided by a financial-analyst site, this story misspelled the last name of a Morgan Stanley analyst. His name is Peter Kuper.

See more CNET content tagged:
Check Point Software Technologies Ltd., acquisition, security provider, storage company, buyer

1 comment

Join the conversation!
Add your comment
money can't buy you real security....
Personally, I think that spending billions of dollars to buy out a security company isn't going to solve many problems. It's important that the merge between the security company and the business is compatible, this often requires more than just purchasing or partnering with a big name security company. But I'm sure it'll take them another good 20 years to figure that one out.

Honestly, I think SMB's have it the best. They may not have the money to buy out huge security companies, but because they don't, they have to be smart about their choices in spending. They WILL finding a security solution that is a right fit with their business.
<a class="jive-link-external" href="http://www.essentialsecurity.com/news.htm?id=25" target="_newWindow">http://www.essentialsecurity.com/news.htm?id=25</a>
And also, because most are start-ups, they will have the opportunity to incorporate security measures from the start, rather than trying to change up their company culture to squeeze it in.

It's not about buying that big house that has rooms you'll never use. It's about buying that comfortable, quaint house that is a firm foundation on which to build upon and has the ability to be improved upon and remodeled to adapt to the times.
Posted by mveronica (40 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.