The fish are jumping in the IT security industry.
In recent months, the sector has seen several billion-dollar buyout deals. That has created a feeding frenzy among would-be acquisition targets, roiling the industry's waters.
In June, storage giant EMC. In August, IBM announced plans to spend big money in the security arena, with a . And EMC last month .
"Security has gone from a 'nice to have' to a 'must have,' and corporate board rooms across America are spending millions to solve the problem," said Peter Kuper, an analyst at Morgan Stanley.
Driving the changes, in part, are new regulatory compliance issues and a desire by customers to deal with fewer vendors, investment bankers and analysts say. In addition, system management and networking companies are active buyers of this technology, as they seek to embed security into their systems or applications.
"The consolidation is happening now, but security will remain in silos until there is full integration of products, and that will take some time," said Ranjini Chandirakanthan, an analyst at ThinkEquity Partners.
She added it can take up to five years for new products to be developed and released.
Security sectors that have particularly caught buyers' eyes include companies that prevent data leakage, as well as those that tackle identity theft, Chandirakanthan noted.
Encryption technology, intrusion prevention systems, electronic data security and compliance driven applications are also gaining attention from prospective buyers, said Ian MacLeod, managing director of investment banking for Goldman Sachs.
Regulatory issues,, are also helping to drive the security deals. Customers want to have a smaller set of vendors accountable if their technology fails to keep information secure and in compliance with regulations--and large systems and storage companies have the financial clout to act as consolidators.
"They have the ability to do the potential M&A (mergers and acquisition) deals in cash, or are large enough to do them with stock, or a combination of both," MacLeod said.
Midsize security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal, Kuper said.
Prior to their acquisition announcements, ISS and RSA Security, for example, had .
Other namesof potential targets include Trend Micro, Check Point Software Technologies, McAfee and Secure Computing. These are companies that are too small to be a soup-to-nuts security provider, but too large to be a niche player, analysts and bankers noted.
Stuck in the middle
Companies like these are considered midtier players--a position that puts them at a disadvantage, analysts said.
"On one side, you have companies like Cisco (Systems) and Microsoft that will discount the price they charge for security, and on the other side, you have the best-of-breed (niche security) companies," Kuper said. He noted that mid-sized security companies are the ones most likely to be engaged in looking for a buyer or willing to do a deal.
Stocks in these companies are down by roughly 10 to 20 percent from year-ago levels, except for Secure Computing, which is down by nearly 60 percent. By comparison, the tech-heavy Nasdaq is up by more than 5 percent.
"McAfee would be a target, had it not been for its consumer business. Buyers don't want the consumer side, so maybe it could take the consumer piece private and sell the enterprise business," said one security analyst, who requested anonymity.
McAfee, meanwhile, has been busy, in a likely bid to increase its critical mass and become a one-stop player.
And over the past two years, speculation has periodically flared up on Wall Street that Cisco would acquire antivirus software maker Trend Micro. Networking giant Cisco,, last year, as part of its .