M&A: Is Security Industry Set For A Paradigm Shift?

by Priyanka Pugaokar    Sep 28, 2016


Mergers and acquisitions (M&A) are not new concepts in the end point security market. The complex threat landscape and the growing demand for holistic security architecture has led security vendors opt for business consolidation in order to address evolving security needs of enterprises. Considering the pace at which cyber criminals are becoming powerful, it is inevitable for security companies to redefine their security posture and here M&A comes in a big way. According to the 451 Research, the number of security acquisitions has increased by 41 percent in the past two years. Hence, M&A will gain momentum as leading security players continue to go for business collaborations in order to improve on technology innovation and reach. 

Security Industry Ripe For Consolidation

The year 2016 marked some of the strategic acquisitions by some of the big security vendors. The changing face of the enterprise security is largely driving the trend of M&A. In a much talked about deal, Symantec acquired Blue Coat for approximately $4.651 billion. The deal adds the web security to Symantec’s wide portfolio and facilitates Blue Coat’s entry into Symantec’s growth regions.  Another major vendor in cyber security, Avast Software acquired its rival AVG Technologies for approximately $1.3 billion. Combining Avast’s and AVG’s users, the organization will now have a worldwide network of more than 400 million endpoints.

A long time security player, Cisco made its powerful comeback with a slew of acquisitions. The company recently completed acquisition of CloudLock for $293 million to enhance its cloud security portfolio. CloudLock is just one of several acquisitions Cisco has made in the cloud security segment. Lancope, OpenDNS, and Sourcefire are among its other strategic acquisitions in past years, resulting in a 12 per cent growth in the revenue in 2015.

Also Read: Cyber Security To Fuel Cisco’s Growth Engine

IBM is also silently building its security business through various acquisitions. The company has bought a number of security specific vendors, including CrossIdeas, Lighthouse Security Group and Trusteer in the last three years. IBM’s recent acquisition includes Resilient, which is a part of its expansion in the incident response marketplace. Last year, Digital Guardian bought Code Green Networks, part of a series of acquisitions in data protection.

“Vendors are acquiring other vendors to complete their security portfolio, which they had been lacking or sometimes they acquire their direct competitors have a better presence and service in a particular region which they might lack. This actually helps vendors to improve their security offerings and acquire more customers and services of the other vendor they acquire,” said Rajpreet Kaur, Senior Research Analyst at Gartner.

Interestingly, while endpoint security is generating interest among major technology companies, global player Intel has decided to spin off its cyber security operations as an independent company under the name McAfee. Though it is more of a management driven decision, but it indicates that the company is shifting from its few security point solutions and focusing on its core business. 

M&A clearly indicates an ambition among cyber security companies to build a complete platform of solutions. Experts say that the industry continue to see consolidation of business, since players such as IBM, Accenture, HPE etc. are keen to expand their security wings.

Also Read: Global Cyber Security Market To Surpass $137 Bn By 2021: Study

The Disruptive Force Of Startups 

Major security vendors are showing interest in security startups in order to gain a competitive edge in the highly contested market. The constant growth in new threat variants and the persistent shortage of security experts are driving the security vendors towards security startups. Startups are more agile and innovative, which gives them an edge over established players. Hence, big security companies are on hunt for innovation driven start-ups who will help them in retaining their market position. Similarly, it is a win-win for startups who get exposure due to the vast business scale of established vendors. 

The lookout for security startups is not restricted only to security vendors. Companies across the technology domain are increasingly strengthening their security arm with such acquisitions. In a bid to expand its existing IAM services and security as a service capability, Accenture announced acquisition of Australian security company Redcore. Infoblox recently bought IID and FireEye acquired Invotas and iSIGHT Partners. Similarly, vendors such as HPE, IBM, Cisco, Juniper Networks have shown interest in startups like Proofpoint and Imperva. 

“Due to the constantly changing threat landscape, there will always be start-ups and new investments as prominent players consolidate their positions. Consolidation will, on one hand, allow integrated solutions to be developed while paving way for more start-ups and organizations to flourish as well,” said Gaurav Sharma, Research Manager-Enterprise & IPDS at IDC. 

However, while some acquisitions have proven game changer for security vendor, they have also faced heat due to certain failed tie-ups. In such situations, it is essential for vendors to be very cautious in making choice between the best of security solution vendors. For instance, Dell acquired Sonicwall to build up their portfolio on the front of gateway security. However, this acquisition did not bring the real value to both the vendors. Now the company is reportedly planning to sell off its software business, including Quest Software, SonicWall, and the Statistica analytics platform, to private equity firms Elliot Management and Francisco Partners.

“Vendors would have to be careful in selecting the best opportunities for M&A since a bad choice could affect their current successful product and solution lines as well,” said Sharma. 

Also Read: Are CIOs Ready For Cybersecurity Preparedness?

M&A: Silver Bullet For Legacy Vendors?

M&A will prove to be the silver bullet legacy vendors need to maintain leadership in an otherwise flattening market. While the web security industry has a bright future, the underground dark markets are also becoming powerful and complex. The cybercrime industry has consolidated and organized in past years making it difficult for anti-cybercrime forces to crack it down. Hence, it is inevitable for security companies to beef up their security posture on all the fronts. In fact, M&A is the way to enhance strengths and capabilities of companies by acquiring the solution portfolio of other company.

It is clear that the market dynamics are leading the industry towards M&A. Consolidation will remain the predominant theme in the security business and the industry will see some unexpected and interesting acquisitions in the next few years. However, constant technological innovation and holistic security approach will remain the de facto for success of these integrations of businesses.