Security startups have become hot acquisition targets for bigger companies that are trying to protect themselves or their customers from an endless stream of cyberattacks, according to Bob Ackerman, the founder of Allegis Capital in San Francisco.
Ackerman cites 16 acquisitions in the last 100 days with a total value of more than $10 billion, although two of those deals — Intel’s $7.7 billion acquisition of the anti-virus vendor McAfee in August, and HP’s $1.5 billion acquisition of ArcSight, which protects against company-wide digital threats like intellectual property theft, in September – account for over 90 percent of that value.
Still, the need for good security technology is pressing. Intel disclosed in its annual report in February that its IT systems were regularly attacked, that Intel didn’t always know about the attacks, and that sometimes, intruders were able to gain access.
Intel spokesman Chuck Mulloy said then that Intel disclosed the attacks because Google had disclosed attacks on its systems (which Google blamed on China). Intel has now elevated security to a top priority for all of its products, alongside connectivity and energy-efficient performance.
“Today’s security approach does not fully address the billions of new Internet-ready devices connecting, including mobile and wireless devices, TVs, cars, medical devices and ATM machines as well as the accompanying surge in cyber threats,” Intel said in a statement announcing the McAfee deal. “Providing protection to a diverse online world requires a fundamentally new approach involving software, hardware and services.”
Other security companies that have been acquired recently include Arbor Networks, Arcot, BigFix, Enable Software, Narus, SMobile Systems, Sunbelt Software, tenCube and TriCipher.
The technologies offered by these companies are all over the map, Ackerman says, because “nobody’s designed the solution to the problem. It’s a compendium of problems…Security will be pervasive at every level, in every component of the IT stack and data stack.
It’s early days now – there are point solutions to point problems – but over time they’ll be integrated, and there will be multilayered defenses…,” he says. “Everything will be redesigned with IT security as a core parameter.”
Sometimes a security company is so valuable that the buyer will take both the technology and all of the employees. That happened with Ironport, an e-mail security company backed by Allegis, and ScanSafe, a Web security company backed by ScaleVP. Both companies were acquired by Cisco.
“We have 150 people and everyone is staying, which is very unusual,” ScanSafe co-founder and president Roy Tuvey said at the time. “But one of the major drivers of the acquisition is the people. We’ve built a reputation for cloud-based security services, and our (and Cisco’s) joint vision will enable additional security apps in the cloud. We have the people and the expertise.”
Venture investing in security companies has actually dropped for the last couple of years, according to data from Thomson Reuters, although that may reflect the number of me-too companies that were created and funded during the dot-com boom.
But Ackerman says technical innovation and opportunities for IT people who know security will only grow.
In August, meanwhile, Gartner said that revenue for software security companies would jump over 11 percent this year to $16.5 billion, despite the economic downturn, because IT security has become such a serious problem and because security products are maturing.
Security is also expected to be one of the fastest growing areas of enterprise software for the next few years, according to principal analyst Ruggero Contu.