Although security software has been a safe haven during the tech downturn and remains a top IT spending priority, some analysts are questioning its future as a stand-alone sector.
Instead, infrastructure and networking companies are increasingly moving into the security space, threatening "point" providers such as
Check Point Software
on up to market outperformer
. (Point providers offer highly specialized software addressing a single security issue.)
anticipated jump into consumer security software is expected to cause upheaval in that market. But those selling security software to businesses are threatened by customers' growing desire to have all their network needs sold in a single package.
"I think the landscape for security is going to change radically in the next couple of years," says Wedbush Morgan Securities analyst Tim Leehealey. One reason: "People don't want to buy security, they want to buy things that are secure."
As security threats become more complicated, customers are becoming increasingly confused and more apt to throw up their arms and simplify their purchases by going with a single vendor such as
, says C.E. Unterberg, Towbin senior analyst Mark Sue, who covers networking and security.
Jim Hurley, Aberdeen Group's vice president and managing director for security, privacy and risk management, agrees, saying the vendors that figure out how to automate security policies and processes will be the ones that have a chance of serving buyers' needs, he said. "Those stuck-in-point solutions will be out of business in five years," predicts Hurley.
Infrastructure companies such as
are making inroads in bringing security management into one place, says Ray Wagner, research director in information security strategies at Gartner. He said he also expects
to announce a product in this area soon.
are working on tying their products together with a single control center as well, Wagner points out.
But Leehealey said he thinks networking companies' offerings -- which will include security software -- will undercut Symantec's strategy of selling suites of security products.
"Frankly, I just think they're in a lot of trouble," Leehealey says of Symantec. "I don't have any crystal-ball answers for them." Leehealey has a hold rating on Symantec, and his firm hasn't done any banking with the company.
The Watch List
Leehealey adds that the entry of companies such as
into the security space bodes poorly for point providers such as Check Point Software,
Internet Security Systems
. Infrastructure shops can offer the attraction of an all-in-one deal of security software packaged with the networking hardware. Leehealey has hold ratings on Foundry, F5 and NetScreen and a sell rating on Check Point, and he does not cover ISS. His firm hasn't done any banking with those companies.
Other security companies on analysts' endangered list include low-end firewall vendors
. Potential consolidators include CA, IBM and Cisco.
Cisco has been in the security space since the late 1990s, but security still accounts for a tiny fraction of the company's sales -- about $100 million per quarter out of a total $4.7 billion in revenue, according to Sue. However, to keep up with the market, Sue says, Cisco will likely have to make more acquisitions.
"We do believe overall that the sector is ripe for consolidation considering there are many point products in the market today, and security as a subset is becoming integrated into various devices," said Sue, who has a market perform rating on Cisco. "Over time, depending on market segment, it
security will become increasingly difficult to address as a stand-alone company." Sue's firm hasn't done any banking with Cisco.
Such forecasts may sound like blasphemy, given that Symantec has consistently beat estimates thanks to virus and worm outbreaks. Just this week, The NPD Group reported that personal-consumer sales of antivirus, firewall and security software jumped 127% in August from a year ago, making the month the largest ever for consumer security software retail sales.
But even Symantec management has acknowledged it needs to boost growth among corporate customers to prepare for Microsoft entering its lucrative consumer antivirus market. And late last month, Symantec bought a company outside of the security space, PowerQuest, which sells systems and storage management products.
That acquisition shows Symantec is starting to focus on potential growth areas beyond its core security business, Legg Mason analyst Todd Weller wrote in a research note.
"We also believe that this is another data point showing a convergence of security and infrastructure/systems management software solutions," Weller wrote in a research note. Weller has a buy rating on Symantec, and his firm hasn't done any banking with the company. (NetIQ recently preannounced disappointing results for its fiscal first-quarter results.)
Weller, however, says he doesn't spend a lot of time worrying about companies like F5 and Foundry making big inroads in the security arena, and he says he wouldn't go as far as to say security will completely disappear.
Gartner's Wagner agrees, arguing it's too extreme to say security will cease to exist as a stand-alone sector.
Even as some parts of security, such as firewalls and antivirus technology, mature and become commoditized, high-end vendors that offer new technology will survive, Wagner predicted. He suggested companies in identity management, such as
, still have positive outlooks because their security is needed at the application level vs. the infrastructure level.
"I wouldn't say you should dump all of your security stocks," he says. But, "certainly there are some that look like they're in trouble."