Some Random Thoughts On The Security Market

Last Updated on May 10, 2011

The intention by UK-headquartered company Sophos to acquire Astaro, the privately-held security company co-headquartered in Karlsruhe, Germany and Wilmington, Massachusetts (USA) is simply the last effect of the process of vendor consolidation acting in the information security market. It is also the trigger for some random thoughts…

In the last two years a profound transformation of the market is in place, which has seen the birth (and subsequent growth) of several giants security vendors, which has been capable of gathering under their protective wings the different areas of information security.

The security model is rapidly converging toward a framework which tends to collect under a unified management function, the different domains of information security, which according to my personal end-to-end model, mat be summarized as follows: Endpoint Security, Network Security, Application Security, Identity & Access Management.

Endpoint Security including the functions of Antivirus, Personal Firewall/Network Access Control, Host IPS, DLP, Encryption. This component of the model is rapidly converging toward a single concept of endpoint including alle the types of devices: server, desktop, laptop & mobile;
Network & Contente Security including the functions of Firewall, IPS, Web and Email Protection;
Application Security including areas of WEB/XML/Database Firewall and (why not) proactive code analysis;
Compliance: including the functions of assessment e verification of devce and applications security posture;
Identity & Access Management including the functions of authentication and secure data access;
Management including the capability to manage from a single location, with an RBAC model, all the above quoted domains.

All the major players are moving quickly toward such a unified model, starting from their traditional battlefield: some vendors, such as McAfee and Symantec, initiallty moved from the endpoint domain which is their traditional strong point. Other vendors, such as Checkpoint, Fortinet, Cisco and Juniper moved from the network filling directly with their technology, or also by mean of dedicated acquisitions or tailored strategic alliances, all the domains of the model. A further third category is composed by the “generalist” vendors which were not initially focused on Information Security, but became focused by mean of specific acquisition. This is the case of HP, IBM and Microsoft (in rigorous alphabetical order) which come from a different technological culture but are trying to become key players by mean of strategic acquisitions.

It is clear that in similar complicated market the position and the role of the smaller, vertical, players is becoming harder and harder. They may “hope” to become prey of “bigger fishes” or just to make themselves acquisitions in order to reach the “critical mass” necessary to survive.

In this scenario should be viewed the acquisition of Astaro by Sophos: from a strategical perspective Sophos resides permanently among the leaders inside the Gartner Magic quadrant but two of three companions (Symantec and Mcafee, the third is Trend Micro) are rapidly expanding toward the other domains (meanwhile McAfee has been acquired by Intel). In any case all the competitors have a significant major size if compared with Sophos, which reflects in revenues, which in FY 2010 were respectively 6.05, 2.06 and 1.04 B$, pretty much bigger than Sophos, whose revenues in FY 2010 were approximately 260 M$, about one fourth of the smaller between the three above (Trend Micro which is, like Sophos, a privately-owned company).

In perspective the acquisition may be also more appealing and interesting for Astaro, which is considered one of the most visionary players in the UTM arena with a primary role in the European market. Its position with respect to the competition is also more complicated since the main competitors are firms such as Fortinet, Check Point and Sonicwall which all have much greater size (as an example Checkpoint revenues were about 1.13 B $ in FY 2010 which sound impressive if compared with the 56 M $ made by Astaro in the Same Fiscal Year).

In this scenario, the combined company aims to head for $500 million in 2012.

Last but not least both companies are based in Europe (respectively in England and Germany) and could rely on an US Headquarter in Massachusetts.

From a technological perspective, the two vendors are complementary, and the strategy of the acquisition is well summarized by the following phrase contained in the Acquisition FAQ:

Our strategy is to provide complete data and threat protection for IT, regardless of device type, user location, or network boundaries. Today, we [Sophos] offer solutions for endpoint security, data protection, and email and web security gateways. The combination of Sophos and Astaro can deliver a next generation set of endpoint and network security solutions to better meet growing customer needs […]. With the addition of Astaro’s network security, we will be the first provider to deliver truly coordinated threat protection, data protection and policy from any endpoint to any network boundary.

Sophos lacks of a network security solution in its portfolio, and the technology from Astaro could easily fill the gap. On the other hand, Astaro does not own an home-built antivirus technology for its products (so far it uses ClamAV and Avira engines to offer a double layer of protection), and the adoption of Sophos technologies (considered one of the best OEM Antivirus engine) could be ideal for its portfolio of UTM solutsions.

Moreover the two technologies fit well among themselves to build an end-to-end security model: as a matter of fact Information security is breaking the boundary between endpoint and network (as the threats already did). Being obliged to adapt themselves to the new blended threats, which often uses old traditional methods to exploit 0-day vulnerabilities on the Endpoint, some technologies like Intrusion prevention, DLP and Network Access Control, are typically cross among different elements of the infrastructure, and this explains the rush of several players (as Sophos did in this circumstance) to enrich their security portfolio with solutions capable of covering all the information Security Domains.

Just to have an idea, try to have a look to some acquisitions made by the main security players in the last years (sorry for the Italian comments). Meanwghile the other lonely dancers (that is the companies currently facing the market on their own), are advised…