Anti-Virus Market Is Due for Consolidation

Big vendors thrive and small ones dive; mergers on the way.

Increased demand for security suites and too many anti-virus vendors could create a good brew for consolidation, say industry watchers.

While industry giants such as market leader Symantec continue to broaden their portfolios with the recent acquisitions of Relicore, Sygate and WholeSecurity, smaller anti-virus companies profits are being pinched. While large players such as RSA Security have reported impressive earnings for the first quarter of 2006, many smaller players, including Entrust, Internet Security Systems and Websense, have missed their revenue projections.

On April 17, RSA reported net income of $5.3 million on revenue of $87.5 million for the first quarter. The results topped expectations. Smaller vendors, however, have issued profit and sales warnings. Entrust said April 6 it would report a first-quarter revenue loss of $21 million. On April 7, ISS said its first-quarter sales would fall $2 million short of estimates of $80 million. On April 5, Websense announced its financial results would fall short of Wall Street estimates with revenue between $42.3 million and 42.5 million.

Couple those results with the fact there are an estimated 800 to 1,000 companies on the global market selling IT security applications at present and consolidation is likely.

"The simple facts are that there are way too many security companies out there, and we havent seen a major virus outbreak in a while," said John Pescatore, an analyst with Gartner, in Stamford, Conn. "Two years ago, when some of the big worms hit, you saw a lot of venture capital money being thrown at a lot of different security companies, but not all of them can last."

In addition to demand for integrated security applications for the sake of more centralized applications management, many customers are also hoping to deal with fewer vendors, said Pescatore. He predicted that companies focused specifically on products tied to compliance with government regulations such as the Sarbanes-Oxley Act may also see demand slip.

Another prime example of the types of companies ripe for acquisition are ones that provide only one type of application, such as anti-spyware, that are now included in many software suites that aim to address many different types of malware.

"This has been coming together for some time, mostly based on the need for greater ease of management with all the different security point products on the market," said Charlotte Dunlap, an analyst with Current Analysis, in Port Washington, N.Y. "We will see more threat protection technologies being bundled together, as with the ongoing combination of intrusion protection and behavioral security tools."

Wall Street also sees consolidation coming. Neel Kashkari, an investment banker in Goldman Sachs Cupertino, Calif., office, said that there are a number of security-oriented mergers and acquisitions in the pipeline at present, driven largely by the demands of keeping up with increasingly sophisticated IT threats.

"The big vendors will buy smaller, younger companies because they need the new capabilities these firms can offer, these customers are asking for more comprehensive products and the purchases will increase their revenues," Kashkari said. "As long as hackers come up with new ways to steal data, it will require new technologies to defeat them, and many of these new tools will be developed at young companies; its really hard for the bigger guys to innovate as quickly on their own."

Another trend driving potential consolidation could be the continued investment in security technologies by companies working in other areas of the IT landscape, such as storage giant EMCs buyout of Authentica in March.

Grisoft, a midsize anti-virus specialist based in Millburn, N.J., announced a deal on April 19 to purchase rival Ewido Networks, a much smaller company with a different type of anti-malware applications engine. The deal, the terms of which were not disclosed, was helped along by the $52 million recently invested in Grisoft by chip maker Intel.

Dennis Smith, director of Grisoft, predicted that such investment from outside the security sector, combined with the need for applications vendors to continue to broaden their offerings, is certain to drive more deals of the same nature.

"The security market as a whole will undoubtedly continue to grow, but the increasing sophistication and speed of attacks makes it such that only those companies with enough resources to invest in their infrastructure to stay ahead of new threats will survive," said Smith. "In this case, we found a small but very aggressive company that has technology that handles anti-virus differently than our existing products; I think these are the sorts of deals that well see more of going forward."

Indeed, the consolidators plan to keep hunting. Firewall specialist Check Point Software Technologies, of Ramat-Gan, Israel, under pressure from Cisco Systems, recently tried to buy security appliance maker Sourcefire, but the deal was shot down by regulators. "Were not sitting back and I would expect even more mergers and acquisitions to start closing, because the smaller companies with unique technologies can help companies fill gaps in their portfolios," said Ken Fitzpatrick, chief marketing officer for Check Point.

The urge-to-merge virus

Analysts and industry insiders agree that the anti-virus market may be poised for consolidation. Heres why:

* Too many providers of similar technologies

* Customers demand more integrated security tools

* Chasing threats becoming increasingly expensive

* Larger companies shopping for boutique technologies

* Nonsecurity vendors investing in anti-virus tools

* Post-compliance spending may slow down

Source: eWEEK