Security's new deal

(continued from previous page)

private networks and firewalls. And last December, 3Com announced a $430 million purchase of intrusion prevention specialist TippingPoint Technologies.

		Related story Microsoft's long fuse Security firms brush off Microsoft's anti- spyware plans, but analysts say Redmond could yet become a security force.

Prospective buyers are also interested in anti-spyware companies and providers of security technology for devices and computers used by workers, said Anton Papp, vice president of information technology at investment bank Montgomery & Co.

Activity in the other direction--security companies buying outside their niche--is rarer, but still happening.

Symantec's acquistion of Veritas, a slower-growing storage company, is a case in point. The deal is expected to expand the security company's reach into the broadly defined systems management industry.

"Symantec is seeing their profit margins and market squeezed by IBM, Microsoft and Cisco, which are entering the security market, so they had to diversify," Papp said.

Hold the autopsy
Don't look for the demise of the security industry just yet, some industry observers countered. The trend toward absorbing and being absorbed hasn't been going on long enough to tell whether it's a real shift yet.

"(We're) still a year or two off from determining whether this hypothesis is real," Credit Suisse First Boston's Sidders said. "Once it's determined it's real, then it will take another three to four years to become ingrained in the industry."

Tying the knot

The growing importance of security in the office and home has sparked a shower of deals.

Symantec

Target: Storage specialist Veritas Software

Deal: $13.5 billion, expected to close by early May

Impact: Will let combined company market integrated bundles of storage and security software to corporate customers.

Cisco Systems

Target: Security hardware vendor Riverhead Networks

Deal: $39 million, completed 2004

Impact: Adds hardware to curtail distributed denial-of-service attacks to Cisco's intrusion prevention lineup.

Other security buys: Twingo, Okena

Microsoft

Target: Antivirus software maker Sybari Software

Deal: Unspecified amount, expected to close first half 2005

Impact: Provides antivirus and antispam tool for e-mail and collaboration servers.

Other security buys: Giant Company Software, GeCad

Juniper Networks

Target: Network security provider NetScreen Technologies

Deal: $4 billion merger, completed April 16, 2004

Impact: Brings software and hardware to protect VPNs, create corporate firewalls and manage network traffic.

3Com

Target: TippingPoint Technologies

Deal: $430 million merger, completed Jan. 31

Impact: Provides intrusion detection appliance that inspects packets entering networks.

The cost of acquisitions could also temper the speed of the shift. About 30 security companies have a market capitalization of at least $50 million. By comparison, seven years ago that was true of only six to 10 businesses, Sidders said.

And because this industry is viewed as high growth, most security companies are content to build out their business, rather than hang out a "for sale" shingle.

"Security companies are bought, not sold. It's such a hot space," Papp said.

Not all of the buying activity is taking security companies beyond that market. Some companies are firmly holding onto the concept of remaining independent and focused solely on purely protective products, even while they make acquisitions.

McAfee bought digital security company Foundstone to bolster its security product line. McAfee has also bought other security vendors recently.

In addition, Check Point Software Technologies has largely grown its business through internal efforts, with the exception of the Zone Labs acquisition in late 2003.

Richard Stiennon, vice president of threat research at Webroot Software, puts himself in the camp that believes a standalone security industry is here to stay.

"New security companies are starting all the time to deal with a specific specialization," Stiennon said. "Five years ago, there were no antispam companies or anti-spyware companies. I don't think that will change."

[ordaj]

All these security companies...

...and all this security software and yet we still have breaches, viruses, spyware, hacks, identity theft, keystroke loggers, etc. I still don't feel my data is safe. All this money spent on security and where are we? Nowhere. Clearly, things are not working.

[Scott W]

agreed

something needs to be done to change things. software needs to be built from the ground up to not only deal with current threats, but possible future threats too. 'twould also help if M$ created a more secure OS... yeah, THAT'S gonna happen.

[ordaj]

All these security companies...

...and all this security software and yet we still have breaches, viruses, spyware, hacks, identity theft, keystroke loggers, etc. I still don't feel my data is safe. All this money spent on security and where are we? Nowhere. Clearly, things are not working.

[Scott W]

agreed

something needs to be done to change things. software needs to be built from the ground up to not only deal with current threats, but possible future threats too. 'twould also help if M$ created a more secure OS... yeah, THAT'S gonna happen.

[Prndll]

The bigger picture....

So much of the problem is the ability to manipulate the OS by remote.

You want security...
Some method of making the OS isolated from the internet needs to be looked at. Perhaps a hardware based OS that is permanently set into the chips. The bios is fairly well isolated, why not do the same with the OS?

What about the use of smaller "terminals". A big bold new complete computer just isn't necessary in most offices or in many home networks. A server could be used and employees just connected with hardware based machines that cannot be "infected". Many home networks only would require a single server with multiple smaller pc's connected to it. These smaller pc's could be P4's but with windows on PROM chips only using a harddrive to store information and data not used for the OS. If it's done right, drivers and such would not be a problem. Employee computers get infected because of the fact that not only do employees not respect or completely understand the machines, their machines are also setup in such a way that would allow for problems.

It would not fix everything, but making the OS as a permanent hardware install would go a LONG way. Like making an OS installation as easy as installing a stick of ram. If things are done right, things that change like the registry would not be such an issue.

Alot of the security problem is that browsers actually process the code on webpages that allow a website access to the users' OS and harddrive. The fact that this code is legit is bad enough, but to build a browser to process this code makes things so much worse.

People don't seem to want to learn anything about how and why computers do what they do. Until this changes, there will always be a serious problem with security. Regardless of what MS or anyone else produces. Although MS seems more interested in wowing people with new bells and whistles than in security. Their security focus is only skin deep.

The real thrust needs to be in educating people. The very people that are putting these very power devices in their childrens bedrooms have no clue as to the danger they put their children in. Not to mention the money. These things are not toys and should not be looked at as such. Every person buying a computer has a personal responsibility to learn something about them. Unfortunately, most of them will not even read the posts on this site or even give any of this a second thought.

Some serious concideration needs to be given as to the nature of Windows XP. XP is dangerous for use on the consumer market. The average user just is not equipt to deal with XP properly. XP is a differant animal, most people are treating it like any other Windows OS. Until XP came out, the idea of becoming virus infected with seconds of connecting to the net was just not even a question. A serious look at it's full raw sockets support should be concidered. 98se was perfect for most home users. Those that needed more could get it through Win2k. Although, how do you actually talk security to a gamer bent on XP just for their high end games?

These companies can clammer all they want to do whatever. There really needs to be some changes take place in order for security to be properly addressed.

[Prndll]

The bigger picture....

So much of the problem is the ability to manipulate the OS by remote.

You want security...
Some method of making the OS isolated from the internet needs to be looked at. Perhaps a hardware based OS that is permanently set into the chips. The bios is fairly well isolated, why not do the same with the OS?

What about the use of smaller "terminals". A big bold new complete computer just isn't necessary in most offices or in many home networks. A server could be used and employees just connected with hardware based machines that cannot be "infected". Many home networks only would require a single server with multiple smaller pc's connected to it. These smaller pc's could be P4's but with windows on PROM chips only using a harddrive to store information and data not used for the OS. If it's done right, drivers and such would not be a problem. Employee computers get infected because of the fact that not only do employees not respect or completely understand the machines, their machines are also setup in such a way that would allow for problems.

It would not fix everything, but making the OS as a permanent hardware install would go a LONG way. Like making an OS installation as easy as installing a stick of ram. If things are done right, things that change like the registry would not be such an issue.

Alot of the security problem is that browsers actually process the code on webpages that allow a website access to the users' OS and harddrive. The fact that this code is legit is bad enough, but to build a browser to process this code makes things so much worse.

People don't seem to want to learn anything about how and why computers do what they do. Until this changes, there will always be a serious problem with security. Regardless of what MS or anyone else produces. Although MS seems more interested in wowing people with new bells and whistles than in security. Their security focus is only skin deep.

The real thrust needs to be in educating people. The very people that are putting these very power devices in their childrens bedrooms have no clue as to the danger they put their children in. Not to mention the money. These things are not toys and should not be looked at as such. Every person buying a computer has a personal responsibility to learn something about them. Unfortunately, most of them will not even read the posts on this site or even give any of this a second thought.

Some serious concideration needs to be given as to the nature of Windows XP. XP is dangerous for use on the consumer market. The average user just is not equipt to deal with XP properly. XP is a differant animal, most people are treating it like any other Windows OS. Until XP came out, the idea of becoming virus infected with seconds of connecting to the net was just not even a question. A serious look at it's full raw sockets support should be concidered. 98se was perfect for most home users. Those that needed more could get it through Win2k. Although, how do you actually talk security to a gamer bent on XP just for their high end games?

These companies can clammer all they want to do whatever. There really needs to be some changes take place in order for security to be properly addressed.