Tired of wading through an overly saturated security market in search of the right defenses for your company? Here are some mergers security experts say would make the industry more tolerable. The information security market has seen a ton of consolidation in the last couple of years, which can be a nightmare for IT shops trying to keep track of who really owns the software they’re using and whom to call when the tool needs servicing. (Tracking Security Acquisitions Brings Headaches)But there’s another school of thought that such consolidation is actually making the security industry a less aggravating place. After all, the market has become saturated with so many vendors it can be difficult determining who sells what your enterprise truly needs to tackle a given malware or compliance issue. Besides, most IT shops would rather see security baked into the larger IT infrastructure provided by the likes of Microsoft, Cisco and others than spend money on a growing array of bolt-on devices.With that in mind, CSOonline conducted an unscientific poll, asking security pros about five security mergers they would like to see. Respondents suggested the big IT providers like Microsoft, IBM and Cisco go in search of more security acquisitions to further integrate digital defenses into the pipeline. Others want to see bigger security vendors like Symantec and McAfee buy up smaller companies that have features they currently lack. [Analysis: Security Industry Consolidation]We narrowed it down to three top-five lists submitted by three security industry leaders — Lawrence Pingree, a San Francisco-based security pro with ties to McAfee, BuddyFetch Inc. and the Digital Forensics Association (DFA); Richard Stiennon, chief research analyst at IT-Harvest; and Mike Rothman, keeper of the Security Incite blog and senior vice president of strategy at elQnetworks. Read what they have to say and add your voice to the debate via the “comments section” atop the page.Top 5 mergers wished for by Lawrence Pingree, a San Francisco-based security pro with ties to McAfee, BuddyFetch Inc. and the Digital Forensics Association (DFA) Pingree would like to see:1. McAfee bought by Microsoft2. Sourcefire absorbed by Symantec3. Imperva bought by Checkpoint4. Palo Alto Networks bought by RSA5. Sophos bought by IBMPingree explains his choices:“Despite acquiring several security vendors in recent years, Microsoft still needs to bolster its security portfolio and still can’t get there without more acquisition activity. They need something besides the Microsoft brand name to gain in the security space. A McAfee purchase would do well for them.“Symantec lacks a good IDS/IPS and security scanning product, and a Sourcefire purchase would make Symantec appear focused on security again. They would also do well buying Rapid7 to pick up vulnerability management (another hole in their portfolio).“The Imperva/Checkpoint idea is driven by the fact that Checkpoint’s aim is to own the firewall market. Imperva is taking names due to PCI and would help solidify Checkpoint’s game plan to own the firewall space.“RSA lacks a good IDS/IPS product and needs to work to maintain its market share. I’m thinking that RSA still has the encryption brand name and would do well to start to market that they are a broader security play.“IBM, meanwhile, is trying to be the service and software shop all in one and so adding Sophos to their portfolio would allow them better traction in the endpoint market, further extending their endpoint and server ownership strategy.”Top 5 mergers wished for by Richard Stiennon, chief research analyst at IT-HarvestStiennon would like to see:1. Reflex Security and RSA2. Juniper and Fortinet3. Kaspersky, Eset, AVG, Panda, and AhnLabs (for an uber-AV company)4. Crossbeam and StoneSoft5. AlgoSec and CiscoStiennon explains his choices:“Reflex has become a virtualization security company. They are all about the data center. EMC, a big data center provider with a desire to push into security, could take Reflex’s product and provide it to their customers.“Juniper does not have a good UTM story and zero security research. Fortinet is bigger today than Netscreen was when Juniper bought them. By buying Fortinet, Juniper would finally have a security story.“There are a confusing number of AV companies usually with a regional strength and revenue near $100 million. A combination of several good AV companies would give Symantec, McAfee, and Trend Micro a challenge.“Stonesoft has perfected the software firewall but does not have a strong appliance play. Crossbeam has been blindsided by Checkpoint’s acquisition of Nokia’s appliance business. Crossbeam plus Stonesoft would be a Nokia-plus-Checkpoint killer.“Despite years of trying Cisco has never grown past CLI. Algosec is a stand-alone firewall policy management company with a great product that already works with Cisco’s firewalls. It’s a natural acquisition.”Top 5 mergers wished for by Mike Rothman, keeper of the Security Incite blog and senior vice president of strategy at elQnetworks.Rothman would like to see:1. HP and a Big AV vendor TBD2. Cisco and Fortinet3. Oracle and Imperva (or Guardium)4. Symantec and GuardianEdge (or CREDANT)5. IBM and FortifyRothman explains his choices:“HP needs to get a bigger presence in the security space. There have been rumors of an HP/Symantec deal for years, but that’s probably too big a pill to swallow. McAfee is a good fit, but it would also be a big deal. More likely is someone like Trend or Sophos, which are big enough to make a difference, but not so big to be challenging to integrate.“The branch office UTM device has been and will continue to bring on more and more functionality, presenting a threat to Cisco’s huge edge router business. Buying Fortinet would eliminate that threat for Cisco.“Oracle has maintained for a long time that they do database security, but they need some coverage for folks that want to do DB security on the network. Imperva is interesting because of the web application firewall as well, which would be a great fit for Oracle.“Full-disk encryption is a feature of an endpoint security suite and Symantec doesn’t own the technology they sell, relying on an OEM deal with GuardianEdge. The longer they wait, the more money it will cost (unless GuardianEdge hits the wall — always a possibility) and if they can’t get a deal done, they risk alienating customers who would need to migrate to whatever they bought.“Clearly application security tools are not a long term standalone market. These capabilities need to be built into the development environments that engineers use to build the applications that run our businesses. That means IBM (the Rational Group), HP (Mercury), and Microsoft are logical buyers here. Also management specialists like CA and BMC are likely buyers. Fortify is the market leader, but there are plenty of other companies playing in this space.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe