Despite a lacklustre economy, the worldwide security software industry just keeps growing. Led by Symantec, McAfee, Trend Micro, IBM and EMC, total industry sales are projected to hit at least $16.5 billion this year, up 11.3% from 2009, according to Gartner.
Into this security sales fest steps Intel with its morning announcement that it plans to acquire McAfee for $7.68 billion. Intel CEO Paul Otellini indicated that the companies have been working closely over the past 18 months and hinted that security features related to Intel processors will arrive by early next year.
"Everywhere we sell a microprocessor, there's an opportunity for a security suite," Otellini said during a press conference on the planned buyout, adding there could be further integration of McAfee technologies into Intel products.
In a blog post, George Kurtz, McAfee's worldwide CTO and executive vice president, pointed to whitelisting capabilities of SolidCore, a McAfee acquisition, as a good fit with Wind River, the embedded and mobile software vendor that Intel acquired last year.
Intel sees a huge future in the advance of mobile devices and McAfee has also made it a priority this year to further its mobile management and security strategy via acquisitions of its own.
McAfee, which will operate as a separate subsidiary, is Intel's pick to complement the work Intel has already done on its hardware-based security, vPro. But Otellini did stress during the press conference that Intel is also open to working with other security vendors.
Still, Intel-McAfee union could mean a tougher security software market for big and small vendors alike.
Symantec, whose products extend into storage, backup and services, holds just over 20% of the security software market worldwide, and while that's not bad, it's actually down from the 24.11% share it had in 2007 and the company recently warned of cautiousness among tech buyers. Not only are traditional rivals such as McAfee and Trend Micro bearing down, but IBM, EMC/RSA and Cisco now seem more determined to play the role of main security vendor for the enterprise.
In this superheated competition, IBM also plays the role of partner to both Symantec and McAfee at times, and giant HP is a conduit to the customer through its security-services division gained through the EDS acquisition.
"The competitive landscape for us is changing," acknowledged Bill Robbins, Symantec executive vice president of worldwide sales, recently discussing the overall market.
Symantec itself just spent many millions to buy PGP, GuardianEdge and VeriSign's authentication business to get encryption and certificate technologies. (Trend Micro will soon be unveiling some encryption-related plans as well.)
Such diversification isn't a bad idea, since selling security to the enterprise is increasingly a matter of having lots of different enticements to offer the customer sometimes a giveaway in a bundled offering. "I've seen deals where the encryption is free," noted Gartner analyst Neil McDonald discussing the topic recently.
Showing up to woo the customer with as much as possible storage, backup, desktop security suites and services is increasingly the fashion. "We'll say to the CIO, here's our vision, here's what we can do today and what's on the roadmap," Robbins said.
Price completion is fierce, according to some.
Manufacturer Berry Plastics, which has been using Symantec's PureDisk de-duplication and NetBackup in its data centre, as well as Altiris management, invited Symantec in to bid against McAfee for an enterprise-wide desktop security contract for over 5,000 desktops.
Shane Mers, systems team supervisor at Berry Plastics, says the "financial aspects" were key to the deal to award Symantec a three-year contact for its Endpoint Protection product for around 6,000 desktops. Although there were technical considerations, too, such as Symantec's desktop security using less storage space for antimalware DAT files. Symantec made the deal very appealing financially, Mers says.
Despite such victories for Symantec, McAfee, the No. 2 player in the security software market, recently reported a 38% rise in second quarter earnings and increased revenue, thanks in large part to sales help from business partners.
McAfee's big push of late has been security for smartphones, including the iPhone and Android-based devices, whether in the hands of the consumer or the business person.
To that end, McAfee recently acquired mobile-device management vendor Trust Digital, used in the enterprise, and Singapore-based tenCube in the consumer area. Symantec's approach so far has been to develop software in-house, including its Mobile Management product introduced last November, according to Khoi Nguyen, group product manager in Symantec's mobile security group.
Today, McAfee generates 85% of its security software revenue through sales channels, says Alex Thurber, vice president of worldwide channels at the company. "We have 20,000 partners 1,000 of them really invested in us," he notes, citing SHI, InSight, Dell, CDW, AT&T, Verizon, Brocade and HP. "Asia-Pacific has been our fastest growing market."
HP also wants to dig into the security software market, and just announced its intent to acquire software vulnerability company Fortify Software, a longtime partner.
Plans include combining the vulnerability-scanning capabilities HP gained through the SPI Dynamics acquisition with the static analysis in Fortify's product to offer a comprehensive security assessment product for the enterprise, says Mark Sarbiewsi, vice president products for HP Software and Solutions.
HP's appetite for security and IT management buyouts has been hearty, with the company acquiring over the past five years Peregrine Systems, Mercury Interactive and intrusion-prevention systems appliance vendor TippingPoint, which closed this April. But Gartner analyst Ruggero Contu says HP doesn't count as a player of significance in the software security market in terms of market share, with just $2.4 million in 2009, down from $15.1 million in 2008.
Where HP does have a presence is in its security services arm gained through its acquisition of EDS in 2008 for over $13 billion going up directly against IBM. Now known as HP Enterprise Services, the division earlier this year announced security-services packages including a line of third-party security and compliance offerings.
While Symantec, McAfee and IBM have grown through acquisitions of smaller security vendors, and now McAfee is going to be acquired by Intel, enterprise customers will be bracing for yet more change.
Takeovers of smaller companies are not always viewed as a positive thing by enterprise IT managers.
Mark Starry, director of infrastructure and security at Capital Region Healthcare based in New Hampshire, was not overcome with joy when he learned last month that IBM was acquiring his patch management vendor, BigFix.
Too often Starry has seen acquiring companies neglect software development or otherwise muddy things. But the management at both IBM and BigFix have assuaged his concerns somewhat, Starry says, because they say BigFix will be left as a stand-alone group. "Maybe they'll even give them resources to speed up software development," he says.