SAN FRANCISCO -- Wall Street may have slammed
for its purchase of storage company
, but Symantec may have had little choice.
IT security companies will increasingly have to morph themselves into players that can offer both data management and security if they want to survive, say industry experts.
The market for pure-play IT security companies could be diminishing, according to Art Coviello, president of RSA Security, a division of
"Security can no longer be a tactical afterthought bolted on simply as defense," he told a gathering of 15,000 at the security industry's biggest conference here Tuesday, sponsored by Coviello's company.
"I believe in the next two to three years we will see the end of standalone solutions," he said.
Coviello should know. In June, the former RSA chief sold
publicly listed RSA Security to EMC for $2.1 billion.
Two months later,
-listed security player
Internet Security Systems
for $1.3 billion.
With its $13.5 billion purchase of Veritas, Symantec was probably the first stand-alone security company to morph into an information management company.
But the Veritas deal never found favor with investors. Symantec stock has dropped nearly 30% since the Veritas acquisition, closing Tuesday's regular session off 16 cents to $17.62.
That, instead of being a statement about the attempt of security companies to transform themselves, could mean more investor displeasure around
the integration problems that Symantec has experienced with Veritas.
Security buyouts have worked much better for other companies.
Since acquiring RSA Security last summer, EMC has seen its stock go up nearly 25%. During the company's fourth-quarter results reported Jan. 24, EMC said its security division grew 26% to $114 million, leading to revenue of $3.2 billion for the quarter. The deal has clearly been win-win for both companies.
IBM, too, hasn't experienced any hiccups from its security purchase. The company's stock has increased about 30% since the ISS buy, closing at $99.85 Tuesday, near its 52-week high.
Security companies now have two choices: Either transform into a larger company offering a more diverse set of products to businesses -- as Symantec has -- or become buyout bait, says Murray Beach, president of Boston Corporate Finance.
Last month, Symantec
bought systems management company Altiris for $830 million.
"With the established security players, if they aren't themselves building a new platform that ties in more applications, then it is difficult for them to compete," Beach says. "Any security player in the software space is an outright target."
That means companies such as
, and enterprise software players including
could be hunting for new security assets.
EMC is likely to make more acquisitions this year, acknowledges Joe Tucci, chief executive officer of EMC.
In January, Cisco acquired privately held
email security company IronPort for $830 million.
Meanwhile, Microsoft, also, has been trying to solidify its security products, touting the security of its Vista operating system. At the conference, Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie discussed the idea of "trustworthy computing."
Additionally, Microsoft announced more details of its latest product, called the Identity Lifecycle Manager 2007, which helps companies manage security credentials such as certificates and smart cards. The product is likely to be available to customers in May.
"You can increasingly see security, event management, corporate governance and risk management coming together," says Beach.