Over the past few years, the security industry has been a hotbed of M&A activity. The big guys swallow the small guys and independent technologies become part of integrated suites or anchor products. We saw this with identity management, e-mail security, SSL VPNs, security event management, etc.
My prediction is that we will soon see a repeat of this cycle and this time the buyout activity will center on database security tools.
Why database security? To quote the famous bank robber Willie Sutton, "because that's where the money is." Databases contain loads of private, confidential, and regulated data that needs better protection than it has today. What's more, databases are complex pieces of software that are becoming more and more exposed to the Internet through flaky Web applications. Finally, existing security tools look at network connections and database servers but not the database itself. Databases need their own customized security safeguards.
There are a whole bunch of database security companies out there, including Application Security , Guardium, Imperva, IP Locks, Lumigent, etc. These guys do everything from vulnerability scanning to auditing and each is a venture-backed start-up. If you add up all of their cumulative revenue, it is probably less than $100 million--yet these firms are attractive takeover targets. For whom? How about IBM. Armonk has tons of database, security, and compliance tools but nothing for database security and compliance.
The same scenario applies to CA. Old database management experts BMC and Quest Software would also benefit from a database security play. EMC's RSA division has security event management and database encryption products so database security and auditing would round out its offerings rather nicely. You can never count out others like Hewlett-Packard, Microsoft, Oracle or Symantec either.
Before the year ends, I see a lot of buying and selling. Database security adds a lot of value to a lot of existing products and vendors. Remember, you read it here first.