US COMPANIES SEEK DEALS AND ACQUISITIONS IN WAR AGAINST CYBERATTACKS
As Threats Proliferate, Companies Seek Deals; Acquisitions seen as way to beef up capabilities in war against cyberattacks
BY DONNA HOWELL

Will fortune favor the brave?

Security software firms hope so. They're boldly venturing into new areas by acquiring rival companies. They want to be able to fight all manner of security threats, including spyware and emerging hacker attacks. And this rapid expansion isn't likely to end soon, analysts say.

The range of threats has widened dramatically in recent years. As hackers adjust to current security, new kinds of attacks are harder to track -- and often do more damage. Security firms have had to add more defenses, often by swallowing up their competitors.
The anti-virus firm Symantec, for instance, has beefed up its product line with a number of acquisitions. And its chief rival, McAfee, is expected to do the same.

"In Symantec's case, they've done a lot of recent tuck-in acquisitions," said Susquehanna Financial Group analyst Gregg Moskowitz, referring to deals that pull new products and technologies into the acquiring company. "I think McAfee will prove to be potentially a little more acquisitive as they attempt to fill out their product suite."

Acquisition activity has been brisk for a while among the largest firms in IBD's security software industry group. Consider all the deals over the past few years:

** Symantec, the group's largest company, has announced or sealed six acquisitions this year. Those deals include the $10.25 billion purchase of storage and backup technology vendor Veritas. Symantec did nine deals last year and two in 2003.

** VeriSign, the second largest company in the group, has made six deals to acquire companies or business divisions this year.

** Check Point Software Technologies announced one sizable acquisition deal this year and completed one last year. That was after none in 2003.

** McAfee did one deal this year and one last year after three in 2003.

** Trend Micro made two acquisitions this year, its only purchases in recent memory.

Naturally, the deals tend to be focused on hot growth areas.

Symantec recently bought Sygate and WholeSecurity -- two privately held firms that are thought to be growing quickly.

Sygate's software helps companies manage access to their networks. The company's sales growth is likely in excess of 25%, says Morgan Keegan analyst Chris Hovis.

WholeSecurity sells behavior-based security technology that can recognize brand-new attacks.

"It might have higher growth on a smaller base of revenue (than Sygate)," Hovis said.

In October, Symantec also announced a deal to buy BindView. It helps companies comply with security policies. The field of policy compliance has gained favor in light of the Sarbanes-Oxley Act and other new corporate regulations.

"The key is having defense in depth at multiple layers," said Art Wong, a vice president at Symantec's security response unit. "It's not just about anti-virus."

Check Point, meanwhile, announced last month that it would buy Sourcefire for $225 million. That company specializes in intrusion prevention systems, another hot technology.

"Sourcefire will greatly help our internal security portfolio," said Check Point Chief Executive Gil Shwed. "It will help us round up our strategy of having the total layers of security that enterprises need."

Sales of intrusion prevention and detection technologies should grow 9% annually the next few years, says Synergy Research Group. Intrusion prevention systems, or IPS, are especially hot, analysts say. "IPS is growing very fast," said Aaron Vance, an analyst at Synergy Research.

But why buy other companies to get this technology -- rather than build it yourself? For one, an acquisition is often cheaper. In the case of Sourcefire, "what they have is market proven," said Shwed.

When shopping for companies, security firms also look for ways to leverage their sales channels.

A case in point: VeriSign. It picked up threat research firm IDefense in July for $40 million. That firm provided tech security intelligence to the federal government, big network operators and financial firms.

"By including it into our (managed security) services, we can take it downstream and down-market," said Chris Babel, vice president of managed security services at VeriSign. In other words, the company can sell IDefense's research to a wider swath of organizations.

VeriSign expects to continue expanding its threat intelligence functions. "That's a growth area in security: to bring information to customers so they can act on it -- prior to the threat knocking on their front door," said VeriSign Chief Executive Stratton Sclavos.

Symantec's vision is a bit different. It looks to blend security and storage technology. That was a key idea behind its purchase of storage specialist Veritas. Another benefit of the deal: Symantec can sell its products to Veritas' big customers. "They now have a big, broad breadth of products to sell to those Global 2000 companies," said RBC Capital Markets analyst Robert Breza.

Symantec has also rounded out its security offerings. In fact, the company has few gaps left in its product line, analysts say.

"If Symantec were to do anything, I'd say it might be to increasingly bolster an area where maybe they have an offering but it isn't considered top-notch," Moskowitz said. "There are not many areas where that would come into play."

November 7, 2005