Some IT managers and analysts said the planned $7.7 billion Intel-McAfee deal and Hewlett-Packard's acquisition of Fortify this week are the latest examples of a trend that could threaten long-term innovation in the security industry.
This week's moves are the latest in a long line of merger and acquisition activity in the security industry in recent years.
The McAfee acquisition marks a completely unexpected entry into the security market by Intel. But the chip giant's move follows similar ones by other major vendors like IBM, Cisco, EMC and Symantec -- and HP -- to pick up security vendors.
On one hand, the acquisitions underscore the continuing robustness of the security market -- Intel agreed to pay close to $8 billion for a company with less than $2 billion in 2009 revenue. Analysts say the price tag is a sign of just how valuable security companies have become.
At the same time, though, as major vendors gobble up large and small security tool makers, the main loser could be innovation. "I think there's a big impact [on innovation]," said Jon Oltsik, an analyst with the Enterprise Strategy Group. "Acquisitions typically don't help as small, innovative companies become product features or divisions of large companies."
Oltsik cited TippingPoint, which was acquired by 3Com in 2005 and then by HP late last year, and Internet Security Systems, which was acquired by IBM in 2006 for $1.3 billion.
"ISS and TippingPoint were two of the more innovative security companies around until they were acquired," he said. "While it looks like HP will re-invest in TippingPoint, the company languished for a few years and really lost its innovative edge. The same is true of ISS," Oltsik said.
The bigger vendors would do well to focus on developing tightly integrated security products, Oltsik said. "The government is ready to fund these kinds of solutions. Companies such as Cisco, Juniper, RSA, and Symantec need to recognize that there will be a huge market for new types of security solutions in the near future," he said.
The acquisitions have been driven largely by the need for big IT companies to have security products in their portfolio, said Matt Kesner, CIO at Fenwick & West, a San Francisco-based law firm. "I suspect that what is driving the trend are customers that want to hear about the security implications when they buy any IT product, large or small," he said.
Nonetheless, he agreed that such purchases can have a negative impact on innovation.
"I am a little sad about the wave of acquisitions of security vendors," Kesner said. The current threat environment requires 'real innovation' on the part of security vendors, Kesner said. "That kind of innovation tends to come from smaller companies."
Jim Kirby, director of engineering at Dataware Services, called Intel's planned purchase of McAfee "rather odd," though he acknowledged that such odd moves are becoming somewhat typical among security companies. "As far as a trend goes, I'm not really seeing anything other than typical market grabs," Kirby said.
"Small, good security companies have been getting gobbled up -- and their products ruined -- for the last 10 years," he said. Kirby cited Symantec's purchase of Sygate as one example. "I'm not really seeing anything different" with the announcement today, he said.
Richard Stiennon, chief research analyst with IT-Harvest, noted that the continuing investments in the security market accompany continuing robustness in demand for products. He noted that the security business is growing at a 22% annual rate and that some of the more innovative smaller companies are doubling in size each year.
"Even with the continuous acquisition activity there are 1,400 vendors in this space," Stiennon said. "That is a net gain of 200 over the past three years."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.