Security firms jump in the acquisition pool

Spate of billion-dollar deals is prompting midsize IT security providers to offer themselves up as buyout candidates.

A correction was made to this story. Read below for details.

The fish are jumping in the IT security industry.

In recent months, the sector has seen several billion-dollar buyout deals. That has created a feeding frenzy among would-be acquisition targets, roiling the industry's waters.

In June, storage giant EMC announced a $2.1 billion megamerger with RSA Security. In August, IBM announced plans to spend big money in the security arena, with a $1.3 billion buyout deal of Internet Security Services. And EMC last month snapped up Network Intelligence for $175 million.

"Security has gone from a 'nice to have' to a 'must have,' and corporate board rooms across America are spending millions to solve the problem," said Peter Kuper, an analyst at Morgan Stanley.

Driving the changes, in part, are new regulatory compliance issues and a desire by customers to deal with fewer vendors, investment bankers and analysts say. In addition, system management and networking companies are active buyers of this technology, as they seek to embed security into their systems or applications.

"The consolidation is happening now, but security will remain in silos until there is full integration of products, and that will take some time," said Ranjini Chandirakanthan, an analyst at ThinkEquity Partners.

She added it can take up to five years for new products to be developed and released.

Hot sectors
Security sectors that have particularly caught buyers' eyes include companies that prevent data leakage, as well as those that tackle identity theft, Chandirakanthan noted.

Encryption technology, intrusion prevention systems, electronic data security and compliance driven applications are also gaining attention from prospective buyers, said Ian MacLeod, managing director of investment banking for Goldman Sachs.

"Security has gone from a 'nice to have' to a 'must have,' and corporate board rooms across America are spending millions to solve the problem."
--Peter Kuper, analyst, Morgan Stanley

Regulatory issues, such those relating to the Sarbanes-Oxley Act, are also helping to drive the security deals. Customers want to have a smaller set of vendors accountable if their technology fails to keep information secure and in compliance with regulations--and large systems and storage companies have the financial clout to act as consolidators.

"They have the ability to do the potential M&A (mergers and acquisition) deals in cash, or are large enough to do them with stock, or a combination of both," MacLeod said.

Midsize security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal, Kuper said.

Prior to their acquisition announcements, ISS and RSA Security, for example, had .

Other names analysts point to on a short list of potential targets include Trend Micro, Check Point Software Technologies, McAfee and Secure Computing. These are companies that are too small to be a soup-to-nuts security provider, but too large to be a niche player, analysts and bankers noted.

Stuck in the middle
Companies like these are considered midtier players--a position that puts them at a disadvantage, analysts said.

"On one side, you have companies like Cisco (Systems) and Microsoft that will discount the price they charge for security, and on the other side, you have the best-of-breed (niche security) companies," Kuper said. He noted that mid-sized security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal.

Stocks in these companies are down by roughly 10 to 20 percent from year-ago levels, except for Secure Computing, which is down by nearly 60 percent. By comparison, the tech-heavy Nasdaq is up by more than 5 percent.

"McAfee would be a target, had it not been for its consumer business. Buyers don't want the consumer side, so maybe it could take the consumer piece private and sell the enterprise business," said one security analyst, who requested anonymity.

McAfee, meanwhile, has been busy snapping up more security companies, in a likely bid to increase its critical mass and become a one-stop player.

And over the past two years, speculation has periodically flared up on Wall Street that Cisco would acquire antivirus software maker Trend Micro. Networking giant Cisco, which has been a longtime buyer of security businesses, expanded its relationship with Trend Micro last year, as part of its Adaptive Threat Defense initiative.

 

Correction: Due to incorrect information provided by a financial-analyst site, this story misspelled the last name of a Morgan Stanley analyst. His name is Peter Kuper.
Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

New Google OnHub router is one of a kind

Reviewing the search giant's sleek and super-cool OnHub home router (while totally and completely trusting Google with personal info).

by Dong Ngo