Increased demand for security suites and too many anti-virus vendors could create a good brew for consolidation, said industry watchers.
While industry giant Symantec continues to broaden their portfolios with the recent acquisitions of Relicore, Sygate and WholeSecurity, smaller anti-virus companies profits are being pinched.
And even as large players such as RSA Security have reported impressive first quarter 2006 earnings, smaller players including Entrust, Internet Security Systems and Websense have all missed their revenue projections.
On April 17, RSA reported net income of $5.3 million on revenue of $87.5 million for the first quarter ending March 31. The results topped expectations.
Smaller vendors, however, have issued profit and sales warnings. Entrust said April 6 it would report a first quarter loss with revenue of $21 million.
On April 7, ISS said its first quarter sales would fall $2 million short of estimates at $80 million. On April 5, Websense announced its financial results would fall short of Wall Street estimates with revenue of $42.3 and 42.5 million.
Couple those results with the fact there are an estimated 800-to-1,000 different companies on the global market selling IT security applications at present and consolidation is likely.
“The simple facts are that there are way too many security companies out there and we havent seen a major virus outbreak in a while,” said John Pescatore, an analyst with Gartner, based in Stamford, Conn.
“Two years ago when some of the big worms hit you saw a lot of venture capital money being thrown at a lot of different security companies, but not all of them can last.”
In addition to demand for integrated security applications for centralized management, many customers are also hoping to deal with fewer vendors, said Pescatore.
He predicted that companies focused specifically on products tied to compliance with government regulations such as The Sarbanes-Oxley Act, may also see demand slip.
Another example of companies ripe for acquisition are firms which provide only one type of application, such as anti-spyware, that are now included in many software suites that aim to address many different types of malware.
“This has been coming together for some time, mostly based on the need for greater ease-of-management with all the different security point products on the market,” said Charlotte Dunlap, analyst with Current Analysis, Port Washington, N.Y.
“We will see more threat protection technologies being bundled together, as with the ongoing combination of intrusion protection and behavioral security tools.”
Wall Streets Take
Wall Street also sees consolidation coming. Neel Kashkari, an investment banker in Goldman Sachs Cupertino, Calif., offices said that there are a number of security-oriented mergers and acquisitions in the pipeline at present, driven largely by the demands of keeping up with increasingly sophisticated IT threats.
“The big vendors will buy smaller, younger companies because they need the new capabilities these firms can offer, their customers are asking for more comprehensive products and the purchases will increase their revenues,” Kashkari said.
“As long as hackers come up with new ways to steal data, new technologies to defeat them will be required. Since it is difficult for bigger vendors to innovate as quickly on their own, many of these new tools will be developed at young companies.”
Another trend driving potential consolidation could be the continued investment in security technologies by companies working in other areas of the IT landscape, such as storage giant EMCs buyout of Authentica in March.
Grisoft, a midsize anti-virus specialist based in the Czech Republic, announced a deal on April 19 to purchase rival Ewido Networks, a much smaller company with a different type of anti-malware applications engine.
The deal, the terms of which were not disclosed, was helped along by the $52 million recently invested in Grisoft by chip giant Intel.
Dennis Smith, director of Grisoft, predicted that such investment from outside the security sector, combined with the need for applications vendors to continue to broaden their offerings, is certain to drive more deals of the same nature.
“The security market as a whole will undoubtedly continue to grow, but the increasing sophistication and speed of attacks makes it such that only those companies with enough resources to invest in their infrastructure to stay ahead of new threats will survive,” said Smith.
“In this case, we found a small but very aggressive company that has technology that handles anti-virus differently than our existing products; I think these are the sorts of deals that well see more of going forward.”
Indeed, the consolidators plan to keep hunting for deals. Israeli firewall specialists Check Point Software Technologies, which is under pressure from networking giant Cisco Systems, recently tried to buy security appliance maker Sourcefire, but the deal was shot down by regulators.
“Were not sitting back and I would expect even more mergers and acquisitions to start closing, because the smaller companies with unique technologies can help companies fill gaps in their portfolios,” said Ken Fitzpatrick, chief marketing officer for Check Point.