Economic Woes Unlikely to Slow Acquisitions Among IT Security Companies

From Symantec to McAfee, IT security companies are still spending money on acquisitions in the face of trouble in the U.S. economy. Symantec's move to buy MessageLabs is just one of several acquisition moves by major security vendors in the past few months, including plays by McAfee and Sophos.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Even in a time of economic woes, IT security companies have shown themselves to be unafraid of making acquisitions.

The latest example came Oct. 8 from Symantec, which is putting up $695 million to buy security SAAS (software as a service) vendor MessageLabs. Symantec officials said the deal would bring upselling and cross-selling opportunities and enable the company to build out its own SAAS business.

In August, Symantec announced it will acquire PC Tools for an undisclosed sum. But Symantec is not the only company that has been on a bit of a spending spree. One of its chief security rivals, McAfee, agreed to acquire Secure Computing for $465 million last month. McAfee also closed on its $46 million purchase of Reconnex in August. Then there's Sophos, which just bought Utimaco Safeware.

IT Security's 2008 Acquisition Spree: 11 Major Security Acquisitions in 2008. Click here to read more.

But can such consolidation in the security market continue? Yes, some analysts said, and the ongoing challenge of securing enterprises is the reason why.

"If you look at the things that are going on in the market today, there's some things that businesses can't afford to go too light on given the exposure that they have," said Scott Crawford, an analyst with Enterprise Management Associates. "Businesses are already taking a pretty solid hit in terms of mismanaged business risk. They can ill-afford additional exposure to security and related IT risks."

A survey by Forrester Research bears that out. According to the analyst firm, most IT security decision makers expect their security budgets to either increase or stay the same in the coming year.

A weak market offers an opportunity for strong companies to snap up smaller vendors, noted Mike Haro, senior security analyst at Sophos, who added that Sophos is bullish about building the company's reach through future acquisitions.

Greg Hughes, Symantec's chief strategy officer, offered a similar sentiment. IT security and compliance remain robust markets even in the current market climate, he noted. There is long-term pressure, he added, to provide customers with simpler, comprehensive offerings from a single vendor-which means consolidation in the security space will continue.

"Acquisitions are a key part of our growth strategy," he said. "We look for companies that we think are extremely well-run and that fit our portfolio real well ... and that will help underpin our long-term growth objectives. So we will continue to be acquisitive."

Symantec Purchases Security Vendor MessageLabs to Build Out SAAS Business. Click here to read more.

Still, the turmoil in the mortgage and credit markets threatens to dry up a source of funding for wheeling and dealing by security companies, opined Paul Roberts, an analyst with The 451 Group. While there may be some tough quarters ahead in terms of IT spending, vendors know fundamentally, enterprises need security, he said.

"Companies are not going to abandon their use of technology, e-mail or the Internet," he said. "In a year, we're not all going to be crouched in bunkers-Terminator style- staring at the embers from our campfires and the piles of detritus from our former lives.

"We're going to be coming to work, switching on our computers and working. To that end, we're still going to need the technology and services that these companies are selling," Roberts said.