The 10 Most Significant Security Acquisitions Of 2010

Security Shopping Spree

No doubt, 2010 has been a busy year in the IT shopping department. As part of the growing consolidation trend in the IT industry, security companies were gobbled up like candy.

But it likely wasn’t just the ripe economic conditions that facilitated the security spending spree. As compliance regulations become more stringent and the number of malicious threats continues to rise, security is increasingly being regarded as a necessity, not an add-on or luxury. As such, many organizations have maintained or increased their security budgets, even as other IT spending areas were given the ax, making security an attractive acquisition target for any vendor looking to increase its relevance across the stack.

Here are 10 of the biggest and most significant security purchases this year.

1. Intel - McAfee

In what is shaping up to be most important deal of the year Intel revealed intentions to buy McAfee in August for a whopping $7.68 billion, including $48 per share in cash.

Both Intel and McAfee repeatedly have emphasized that under the terms of the deal, McAfee will operate as a wholly owned Intel subsidiary and report into Intel's Software and Services Group. The deal, assuming all shareholder and regulatory approvals are met, could radically change the security paradigm and give Intel the ability to better secure billions of new Internet-ready devices, such as mobile and wireless devices, from myriad sophisticated and evolving malware threats. Down the road, Intel could infuse security into its chipset that powers TVs, cars, medical devices and ATM machines, essentially baking security into all Internet devices.

Meanwhile, some partners have said that the merger, while potentially revolutionary, carries weighty implications that could significantly impact McAfee's channel program and lower-end offerings.

2. Symantec - PGP - Guardian Edge

This three-way marriage instantly put Symantec at the top of the charts in the encryption space: the dual purchase of encryption leader PGP Corp. for $300 million along with its current OEM partner GuardianEdge for $70 million in April. Executives contended that the move further solidified Symantec as a competitive player in the data protection and encryption space by giving customers access to an array of technologies including full disk, removable media, e-mail, file, folder and smartphone, in addition to its existing end-point security, data loss prevention and gateway security offerings.

All in all, Symantec channel partners hailed the acquisition as a strategic move that provided necessary brand recognition while enabling the company to expand its offerings from full disk encryption to protecting data in motion.

3. Symantec - VeriSign

This year, Symantec has been a bit prolific in its pairings. In May Symantec said it would buy VeriSign's Identity and Authentication Business, including its Secure Socket Layer Certificate Services, for $1.28 billion in cash -- a deal that would give Symantec VeriSign's SSL Certificate Services, Public Key Infrastructure, VeriSign Trust Services and VeriSign Identity Protection Authentication Service.

Executives maintained that the deal would enable users to have simple and secure access to their information from anywhere, as well as a way to provide businesses with the means to incorporate identity and authentication security into the fabric of IT infrastructure. Executives also said the acquisition would help facilitate organizations in adopting new computing models, applications and resources, including cloud computing, social networking and mobile computing.

4. Thoma Bravo - SonicWall

SonicWall is hoping to expand and grow after it agreed in June to be acquired by an investor group led by Thoma Bravo in a deal valued at $717 million. Under the terms of the agreement, SonicWall shareholders received $11.50 in cash for each share of SonicWall common stock that they held, representing a premium of approximately 28 percent over the company's most recent closing price and approximately 63 percent over the company's enterprise value.

SonicWall executives said the deal gave the company greater financial freedom and flexibility, as well as greater purchasing power for future acquisitions, which ultimately will enable it to grow and make stronger inroads into desired enterprise-level accounts.

5. APAX Partners - Sophos

Sophos said in May that it planned to sell the majority of its business to private equity investment firm APAX Partners to the tune of $830 million. Under the terms of the deal, Sophos founders Jan Hruska and Peter Lammer were slated to retain a "significant minority" shareholding in the company at the close of the transaction.

Executives said the infusion of capital from the APAX deal would allow Sophos to find ways to streamline business, develop e-commerce channels for its partners and further invest in new technologies. Plus, executives said the guaranteed financial backing also would allow the company to expand its footprint in marketing and branding.

6. HP - Fortify

In August, Hewlet-Packard said it planned to acquire software security assurance company Fortify Software, finalizing the deal in September.

The deal essentially gave HP static application security analysis in addition to a comprehensive line of security products, with specific technologies dedicated to reducing business risk, meeting compliance regulations and protecting against malicious application attacks.

HP said it initially will run Fortify as a stand-alone entity but over time will integrate the company into its Software and Solutions business, melding the products into the Business Technology Optimization application portfolio.

7. HP - ArcSight

HP said in September that it entered into a definitive agreement to buy ArcSight for $1.5 billion, or around $43.50 a share -- a figure 8.3 times the company's run rate, valued at $181 million in its last fiscal year. Executives at both companies contend that the marriage was designed to build specific security technologies -- such as network access, access control, change and configuration management -- into HP's applications, while giving the company the ability to evaluate threats in deeper context.

In general, ArcSight partners were optimistic, maintaining that the acquisition would give the company the necessary global reach and visibility that it previously lacked.

ArcSight had said the previous month that it was putting itself up for bid, and contenders came down to a handful of enterprise organizations, reportedly including IBM, SAP and Oracle.

8. McAfee - Trust Digital

Giving it a competitive edge in the mobile security space, McAfee acquired mobile enterprise security firm Trust Digital, completing the acquisition in June. Specifically, the deal allowed the antivirus giant to integrate data protection, network access control, and security reporting and management onto smartphones and other mobile platforms, with what it hoped would be the industry's first comprehensive mobile security solution.

In addition, the purchase allowed McAfee to deliver centralized security management and reporting for mobile devices through its ePolicy Orchestrator platform to consumers and SMBs, as well as enterprises.

The smartphone security provided by the Trust Digital acquisition also extended McAfee's capabilities to the growing tablet market, including iPhones, iPads and Android devices.

9. IBM - BigFix

In a record three weeks, IBM bought and completed the acquisition of BigFix.

Essentially, the move kept IBM on par with some of its stack competitors by giving it the ability to implement data center and security initiatives, extending security and compliance globally to thousands of laptops, PCs and servers from the data center.

Technologies garnered from BigFix, which will be woven into the IBM Software Group, will enable IBM to better secure enterprise customers with technologies that manage and automate security and compliance updates on thousands of computers around the globe. BigFix was also seen as integral to IBM's automation portfolio that controls the data center, PCs and laptops, as well as servers, software, storage and an array of physical assets.

10. Trend Micro - Mobile Armor

Trend Micro made inroads into the mobile space in November, expanding its data protection portfolio with the acquisition of mobile encryption company Mobile Armor.

Executives said the deal essentially will give Trend Micro another layer of security as more customers move their IT infrastructure to the cloud and mobile realms.

Specifically, the technology will provide encryption on a variety of platforms, especially in the mobile space, which will give Trend Micro customers the ability to encrypt data as it moves over smartphones and laptops to both physical and virtual desktops. Altogether, Mobile Armor will give Trend Micro access to full disk, file/folder and removable media encryption for end points, which will be integrated into the company's existing data loss prevention, e-mail encryption and cloud encryption products.