In Depth

2 Vendor Megatrends and What They Mean to You

Consolidation (of smaller players) and convergence (of physical and IT security technologies) keep CSOs on their guard.

By Todd Datz

March 01, 2006 — CSO —

Know the companies who sell you security products? Your vendor list might look quite different tomorrow.

Security vendors, dare we say, are a faddish lot. After 9/11, "homeland security solutions" proliferated; today, everything's pitched as a "compliance solution." But there are two megatrends among security providers that CSOs should be keeping an eye on. They're real trends, not marketing spins, and they will potentially have direct impact on your contract writing and other daily activities.

One trend is consolidation. "We're seeing the bigger players buying out many of the smaller companies. And I think the largest of the security firms are looking to provide a full range of enterprise services," says C. Warren Axelrod, director of global information security at Pershing, a Bank of New York Securities Group company. "The larger firms, like Internet Security Systems, Symantec and Computer Associates, are buying in many areas to complement what they have. They're basically vying for control of the security space." Axelrod is dead on, and consolidation is just as rampant among physical security vendors as it is in the IT world.

The second trend is convergencethe confluence of IT and physical security systems and vendorswhich, in some sense, is another form of consolidation, only it's happening across the line that historically divided those two worlds.

Below, we examine what these vendor trends mean for CSOs.

Consolidation

Information security provider Symantec has been the poster child for mergers and acquisitions in the security world. In the past year and a half or so, Symantec acquired Brightmail (messaging security), Platform Logic (intrusion prevention), WholeSecurity (antiphishing), Sygate (network access control) and IM Logic (instant messaging security). And, in a blockbuster deal, it completed its $13.5 billion merger last July with Veritas, a storage software company. (See "Trendsetters," Page 56, for other recent M&A activity.) John Pescatore, a security analyst at Gartner, says this sort of activity is a sign that the supply of security vendors has exceeded demand. "For the last couple of years, security has been seen as a hot space, with lots of startups. In every area, there's been 12 different products to choose from," he says. Pescatore believes some markets, like those for firewalls and antivirus software, are maturing: "Now you see three vendors splitting 75 to 80 percent of market share and maybe four or five at most splitting the rest."

Physical security vendors are combining too. According to a recent Lehman Brothers report, "Security Industry Annual 2005," consolidation in the security products industry is a key trend for the following reason: "The global security market, as well as each individual subsector, remains relatively fragmented, and inevitably, every time a security company rises to leadership in a given niche, it becomes an attractive acquisition candidate." In the services arena, the report notes particular M&A activity in risk mitigation, manned guarding and security systems integration. Ray O'Hara, senior managing director at Vance, an investigation and consulting firm (which was itself acquired by Canadian company Garda at the end of last year), attributes guard company mergers partly to cost pressures. "If [a customer has] 1,000 guards across the U.S. or the world, there is continued pressure to make that 900 today, not 1,100. Consequently, [guard] companies can only grow by acquisition" rather than by placing more guards within current customers' businesses, O'Hara says.