By Robert R. Ackerman Jr.
NEW YORK (
) -- For all the talk about a chronic shortage of so-called exits for venture-backed companies, one technology segment is poised to go from "hot" to "hotter": IT security.
That's the umbrella term for technologies designed to protect the digital superhighway. It's coming into its own and in a big way. Following on the heels of repeated breaches of government and corporate networks, widespread theft of credit card records and medical records transitioning to digital storage and delivery, the security risk index on computer networks has moved from "potentially dangerous" to "we're under siege."
With active attacks measured in the hundreds of thousands almost daily, the adage that a chain is only as strong as its weakest link -- in this case, the computer networks that represent the fabric of commerce (and government) on a global basis -- is on the minds of chief security officers around the world.
Increasingly, the attacks are originated by state entities engaged in governmental or commercial espionage and highly organized criminal gangs. While the 13-year-old wunderkind who "hacks" for fun is still with us, the attacks today are orchestrated by the equivalent of doctorate-wielding brainiacs in search of treasure, whether it is commercial, intellectual or political. The attackers are well funded, highly disciplined and have the advantage. While those in charge of IT security work hard to thwart attacks, the attackers only need to be successful periodically. This boils down to electronic-asymmetric warfare, and it is a surging frontier for innovation and investment among many of today's entrepreneurs.
Through the first nine months of the year, U.S. venture capital firms invested $9.2 billion, up from $8.9 billion in the same period in 2009, and a healthy dose of that was put in security startups. This was predictable given a huge surge in recent months in acquisitions of IT security companies, which is highly likely to accelerate. There were a whopping 16 IT security acquisitions in the past 100 days. They exceeded an estimated $10 billion in value.
Here is the list in chronological order, including acquisition prices if disclosed:
1. On July 1,
, a private company based in Emeryville, Calif., that replaces fragmented tools, including vulnerability assessment and security compliance tools, with one unified control architecture.
2. On July 7,
, a Sunnyvale, Calif.-based provider of real-time traffic and analytics software to protect against cyber attacks and threats aimed at IP networks.
3. On July 12,
, an Aliso Viejo, Calif., maker of technology systems management software, acquired
Volcker Informatix AG
, a German software company that makes products that help companies manage user identities, access privileges and security.
4. On July 13, GFI Software, a Raleigh, N.C., provider of software infrastructure products for small and medium-size companies, acquired Tampa Bay, Fla.-based
Sun Belt Software
, a major provider of Windows-based security software.
5. On July 22,
Mobile Media Unlimited Holdings
, a London-based public company specializing in the dissemination of cell phone-based advertising, acquired
, a Warkwickshire, England, company that empowers the interception and analysis of audio communications.
6. On July 23,
, a publicly held London-based maker of thermal imaging equipment for perimeter surveillance, acquired
, a Berkshire, England-based maker of software that prevents malicious or fraudulent data misuse. It paid 3.2 million pounds.
7. On July 27,
acquired Columbus, Ohio-based
, a mobile security firm. It paid $70 million.
8. On July 27,
, a public U.S. company that supplies Internet security technology to 150 security companies and Internet service providers, acquired the antivirus division of
, based in Palm Beach Gardens, Fla.
9. Only July 29,
acquired Singapore-based tenCube, a provider of a mobile security service to combat the ubiquitous problem of lost cell phones.
10. On Aug. 9,
, a Plano, Texas, provider of communications test and network intelligence solutions, acquired
, a Chelmsford, Mass.-based provider of security management solutions for global business networks. Its customers include more than 70% of the world's Internet service providers.
11. On Aug. 4,
St. Bernard Software
, a San Diego, Calif.-based maker of Web security appliances, acquired
, a Rohnert Park, Calif.-based purveyor of managed email security solutions.
12. On Aug. 19,
acquired McAfee, among the world's biggest makers of antivirus software. Intel said it acquired the company because security has become a fundamental component of online computing, including mobile and wireless devices, TVs, cars, medical devices and ATM machines. Intel paid $7.7 billion in stock.
13. On Aug. 30,
, a public company, acquired
, a Sunnyvale, CA, based maker of advanced authentication and fraud prevention solutions for on-premise software and cloud computing. CA Technologies paid $200 million in cash.
14. On Sept. 1,
acquired Los Gatos, Calif.-based TriCipher, a provider of secure access management for cloud-hosted service-as-a-service applications.
15. On Sept. 13,
, a Cupertino, Calif., global provider of cyber security and compliance solutions that protect organizations from enterprise threats and risks. The price was $1.5 billion in stock.
16. On Oct. 4,
acquired Carlsbad, Calif.-based
, a provider of computing engineering for the U.S. intelligence community. Raytheon said it bought the company to expand its cyber security business.
As impressive as this level of activity is, all indications suggest even a bigger spurt of security acquisitions in the months ahead. Driven by unprecedented levels of cash on the corporate balance sheets of major technology corporations and a deep-seated conviction that IT security must chronically be improved, this almost certainly will be one of the next major growth areas for technology spending.
"No one argues about whether or not our IT security budget will be up," a corporate chief security officer recently told me. "The only question is up by how much? We can't afford to be wrong or vulnerable."
An acquisition frenzy will be further fueled by an unusually broad set of buyers interested in IT security. In addition to major technology companies, major systems integrators are showing significant interest to better meet the needs of their governmental customers and also to more deeply penetrate the commercial market. These systems integrators include
, Boeing and
. Other major acquirers include telecommunications companies, which want to better secure the data, now all in IP packets, that traverses their networks. They also want to offer customers new data security services.
The data and the trends once again confirm that venture-backed innovation remains alive and well, at least in select areas. This is good news for enhanced cyber security, which is essential, and for all other types of venture capital-backed innovation, which is good for the U.S. economy.
Robert R. Ackerman, Jr. is the founder and managing director of
, a seed and early-stage venture firm headquartered in Palo Alto, Calif. Ackerman has worked with more than 50 corporate investment partners over the past 20 years as a venture capitalist and startup executive.