Symantec announced last week on top of strong quarterly earnings results that it is acquiring Recourse Technologies, SecurityFocus, and Riptech to expand and fill its product and service portfolio. These three security companies represent different market niches but will ultimately play together to help Symantec compete more effectively in competing against IBM for the coveted enterprise customer. Let's look at each company in more detail and then put the pieces together to form the bigger picture.

Recourse Technologies is an up-and-coming player in the intrusion detection and emerging threat management marketplace. Its Mantrap product is based on "honeypot" technology that fools an intruder into thinking they are breaking in to an organization all the while providing valuable information and forensic evidence to help find and convict culprits. Recently Recourse has made progress in promoting its ManHunt intrusion detection and threat management solution as a next generation product that avoids false positives, the major problem plaguing conventional intrusion detection products. The technology at Recourse has always been good; as a result it has a loyal enterprise customer base that will fit neatly into Symantec's long range strategy.

SecurityFocus is another respected vendor that provides information about security threats and their origin. It maintains the popular BugTraq information security vulnerability database that no doubt will have to remain vendor neutral. The real prize is the custom information systems that SecurityFocus has been creating for the last couple of years. With the rapid proliferation of exploits like Nimda and Code Red, enterprise customers are starving for the next outbreak information so that they can take proactive steps to fend it off instead of having to react once it infects their organization. The next generation of "blended" or hybrid threats will make the present attacks seem mild by comparison, and this has enterprise security professionals scared stiff.

Riptech is one of the last remaining managed security service providers (MSSPs) that launched with much fanfare a few years ago on the heels of the outsourced web hosting craze. It is doubtful that Riptech ever reached breakeven profitability on its service, but it has built up a nice installed base and perhaps more importantly has recruited a large number of information security professionals which will help Symantec beef up its professional service offerings.

Without a doubt the greatest winners are the shareholders of the acquired companies and their employees. With the capital markets in the tank, there is no way that they could get these kinds of valuations on the open market. Symantec of course also stands to win out from these acquisitions if it can integrate the companies and their respective technologies to better satisfy its vision of being a one-stop shopping provider to the large enterprise customer. And customers stand to win if Symantec to bring these newer technologies to market faster and in a more easily consumable fashion.

Who loses? Although the acquisitions better equip Symantec to take a run at IBM Tivoli and its Global Services juggernaut, the rest of the enterprise security market will probably feel the pain first and more deeply. Specifically Computer Associates, Bindview, HP, Network Associates, and Checkpoint, although the latter to a lesser extent. And players that competed directly with the acquired companies like Counterpane, NFR Security, and ISS can’t be too thrilled to find a new 800 lb. gorilla for a neighbor.

Symantec has a vision of providing one-stop shopping of security products and services to large enterprise customers, much the same way MRP, ERP, CRM, and networking infrastructure solutions are consumed today. RCL & Associates thinks that the security market is still too immature to be sold effectively to this way. Symantec's thinking is that it is probably better to be too early than too late in this market as its bread and butter product, desktop antivirus, will ultimately saturate. We seriously doubt that these will be the last acquisitions for Symantec, as it will continue to need to refresh its technology and skills base. Look for more purchases on the consulting services side as well as in the personal firewall, policy management, web application (including web services) security and content filtering areas.

© 2002 RCL & Associates, Inc.