This interesting ZDNet blog reports on a recent Symantec analysts' call. Larry Dignan cuts though a lot of the corporate-speak from the security vendor's COO to get to the main point: The company's approach of dumping a lot of different security products into big packages may become less effective as a new generation of specialized new devices -- smartphones, mostly -- find themselves in crackers' cross hairs. The bottom line is that this new reality may lead to more acquisitions. Dignan points out that Symantec recently purchased Altiris and Vontu.
There is nothing new about entrepreneurial firms in security (or elsewhere) being snapped up by bigger companies. The issue of comparative merits and the tensions between internal research and development and industry consolidation is part of this wide-ranging InfoWorld Q & A roundtable with the CEOs of McAfee and Symantec.
Symantec CEO John Thompson bristled at the idea that bigger companies have abandoned innovation in favor or writing checks. He says that the company spends 15 percent of its revenue on R & D. He attempts to turn the issue around by suggesting that security is evolving so quickly that relying solely on internal developments would not work.
Whether and how consolidation proceeds is entirely dependent on the nature of threats. That's why a second major issue -- the first iPhone virus -- is important. In the short term, it will be possible for Apple to figure out a way to protect its hip new device. In the bigger picture, however, smart service providers and vendors no doubt took the iPhone firmware 1.1.3 prep hack as a big yellow flag and will far more seriously look for ways to protect smartphones. Whether the technology is bought or built will be of secondary importance.
This blog from the end of last year deals with consolidation in the security software sector. The chief strategy officer for StillSecure takes exception to a comment in a PCWorld.com article -- a link is provided -- that suggests security software is largely immune from the consolidation trend. He says that Symantec, McAfee and Cisco continue to buy security firms, and that they are being joined by big firms from outside the security sector that perhaps some people have heard of: Microsoft, Google and IBM.
Despite a number of IPOs, the blogger thinks smaller firms are more amenable to the possibility of being taken over than they were a year or 18 months ago. Consolidation, the writer says, is driven by the fact that buying is easier than building for the big companies, and that there are simply are too many independent security firms. His conclusion is that there will be shakeout, not an end, of independent software companies.
The pace of change is constant. Earlier this month, CRN reports, security software vendor Arbor Networks bought Ellacoya Networks. The deal is particularly interesting because Ellacoya is not, strictly speaking, a security firm. It provides deep packet inspection (DPI) functions. As the name suggests, DPI enables the management of traffic at a far more granular manner than other tools. Deeper security -- making sure a packet is what the header says it is -- is an element of DPI. The technology, however, goes far farther.