I heard through the security industry grapevine that McAfee was close to buying ArcSight a few years ago but the board was reluctant to do another multi-hundred million dollar acquisition so the company passed. Clearly, McAfee knew it needed security management to round out its portfolio so it was only a matter of time until it pulled the trigger. Fast forward to October 2011. At the start of National Cybersecurity Awareness Month, McAfee took the plunge by acquiring Nitro Security, a security management vendor based in lovely Portsmouth, NH. To be clear, Nitro Security isn't ArcSight in terms of installed base or acquisition price for that matter, but McAfee still picked a winner. Furthermore, McAfee's will likely benefit rather than suffer for postponing its security management purchase by a few years. Why? In the 2008-2009 timeframe, SIEM tools were designed for basic event filtering\/correlation, and high-level regulatory compliance reporting but requirements are rapidly changing. Security management tools need situational awareness up and down the technology stack, extremely deep network analytics, and massive scale. The market is changing and Nitro has a great technical platform for new security needs.A few other thoughts here:1. Given the emergence of sophisticated threats along with IT transformation (i.e. consumerization, virtualization, cloud, etc.), large organizations are looking to work with security vendors who can play across the enterprise. Sort of the security equivalent of moving from MRP to ERP back in the 1990s. There are lots of security vendors but very few have this enterprise-class profile. With Nitro, McAfee is certainly one of the few vendors that fit this model.2. Nitro has really excelled in utilities market as of late. McAfee should be able to build upon this momentum.3. Nitro Security is gaining market attention due to two of its strengths: scalability and analystics. McAfee understands that the security management market is rapidly headed in this direction. 4. While Federal IT spending will likely take a hit, security spending remains a priority. McAfee is especially strong here (on its own and with the Secure Computing assets), and there is a lot of pent up demand for security management and security management integration into the Einstein project.5. In ESG's annual IT spending intentions survey, "network security" was identified as the category of security technologies where organizations would make their most significant IT investments. McAfee can use Nitro Security to build upon its leadership position as it competes with Cisco, Check Point, and Juniper.Good move by McAfee that should round out the companies existing security strengths with endpoints, ePO, DLP, and networks. As I conclude this blog, other security management M&A activity is unfolding -- more tomorrow.