04:49 PM

Schwartz On Security: Reaching The M&A Tipping Point

The jury is out on whether businesses will benefit from Intel buying McAfee or from Symantec, IBM and Microsoft sucking up everything in sight.

The pace of mergers and acquisitions in the security industry has been breathtaking, but could it be headed for a stop?

Since last year, numerous top-tier smaller outfits have been snapped up by large players. Indeed, more than $10 billion has been spent in just the past six months by Symantec (VeriSign plus PGP and GuardianEdge), IBM (BigFix, OpenPages, PSS Systems), Hewlett-Packard (Fortify and ArcSight) and CA (Arcot).

Furthermore, the technology industry heavyweights -- who by virtue of their size largely innovate via acquisitions -- apparently still have oodles of cash at the ready.

What's behind the breakneck pace of acquisitions? One answer is that it's mirroring a growing awareness of security by senior executives. "Security is starting to get higher on their radar screens now," said Steve Robinson, general manager for IBM security solutions. "Many of our corporate accounts are starting to put in chief security officers, to expand their security teams and see that security has impact on all parts of their business."

This evolution and growing security understanding is -- on the upside -- leading customers to demand more consolidated approaches to mitigating their security challenges. Accordingly, said Robinson, "we need to move beyond the single product to solve a single problem, to more of a comprehensive strategy."

Cue mergers and acquisitions. But where should they end, and are businesses best served by a more all-in-one approach?

Consider Intel's $7.7 billion acquisition of McAfee, which surprised many industry watchers who thought endpoint security should be built into the operating system, rather than the motherboard.

The positive spin is that the deal has the potential to bake-in better security to PCs and mobile devices -- through to virtualized environments and the cloud -- from the get-go. But it also has the potential to be seen, in a few years, as an expensive one-size-fits-all boondoggle of AOL proportions.

Garter Group analyst John Pescatore likens the overall information security M&A equation to cars and boats: Would you buy a car from a boat maker? How about a boat from a carmaker? The short answer is, no. Now extend the paradigm to information security.

"I'm always amazed when network infrastructure vendors like Cisco and Juniper build security solutions that try to get us to put their software on our endpoints, and when software vendors like IBM Tivoli or CA acquire and try to sell network security products," he said. "These strategies always end badly -- it is why the McLobster sandwich and the Nobu Whopper never did well either."

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.