"We are at the point in the market cycle where the larger potential acquirers have enough cash in the bank to buy top-shelf companies. There is not a lot of bottom-fishing going on. Why have catfish when you can have caviar?" said Andrew Jaquith, an analyst at Forrester Research.
In just the past six months, about $10.1 billion worth of deals have involved security players: Symantec acquired PGP and GuardianEdge Technologies for $70 million and $300 million (respectively) in April, and VeriSign's security business for $1.3 billion in May; IBM bought network management specialist BigFix for $400 million in July; and Intel purchased McAfee for $7.7 billion in August.
Also, in August, Hewlett-Packard bought Fortify for an undisclosed amount -- "likely not less than about $150 million," said Jaquith. CA bought authentication and fraud prevention provider Arcot earlier this month for $200 million. And, on Monday, HP announced it was buying ArcSight for $1.5 billion.
"All of these deals have a common theme: the acquisition targets are all leaders in their respective markets," said Jaquith.
Don't expect these security mergers and acquisitions to stop anytime soon. "Because the balance sheets of big potential acquirers" -- he named Symantec, Microsoft, IBM, Oracle, McAfee, Symantec, and CheckPoint -- "are relatively healthy, we will likely continue to see additional M&A activity through the end of the next year and into Q1 2011," he said.
That's especially true since all of the big players largely eschew internal research and development operations, instead opting for a more Darwinian process of seeing which smaller, venture-capital-backed security firms emerge as best-of-breed players. "I don't see that as a bad thing at all, I actually think it's a rather efficient allocation of capital -- just from a company standpoint. Maybe not for venture capitalists," said Jaquith.
Still, with all of these acquisitions, will enterprise customers benefit? "There are always two sides to this," he said. "On the one hand, it's better for customers because they have fewer throats to choke and they have a reduced number of vendors to deal with on the supply side. This is a good thing."
The worry, however, is whether the smaller companies' management teams and technical experts will remain. "That doesn't always happen with acquisitions, that's why there's always a fear," he said. But if the acquiring companies have struck the right deals and essential talent remains, customers do stand to benefit.