Integrated vs. Best-of-Breed Security

Posted on January 19, 2007 by Simeon Simeonov

There has always been a tension between integrated and best-of-breed approaches to software solutions. Much of the software industry has moved in the integrated direction, from OSs and platform runtimes to integration suites to ECM to application suites. The holdouts typically have been in complex, fast-moving markets.

The prototypical example of a space where best-of-breed wins is security because of the many niches within it and the quickly evolving threat landscape. Even that is going away. In the network space it started with the arrival of the managed security service providers (MSSPs) such as Guardent (now Verisign MSS) that tied together a number of best-of-breed pieces into an integrated, outsourced solution for enterprises. Product vendors have not stayed still either. Security has been one of the most active M&A markets recently and the pace is likely to continue as security capabilities become a by-design facet of all SW/HW. To this point, a recent comment by Morgan Stanley analyst Peter Kuper (who has a deep expertise in security):

Cisco’s acquisition of IronPort represents more than a basic consolidation play. In our view, this transaction marks a new vector for Cisco’s commitment and involvement in security and perhaps software overall. Take notice pure play security providers; Cisco just moved deeply into the realm of communications security leaving even less space for existing vendors to squabble over. Moreover, this latest transaction further cements our industry view that security, in most cases, is contained if not embedded within any hardware, software or service. In other words, this acquisition increased our conviction that the best days of the point solution providers are behind us.

Here are some M&A stats from my friends at America’s Growth Capital and Jeffries/Broadview:

  • 61 transactions in 2005 with median LTM revenue multiple of 4.5x. 33 transactions over $20 with median multiple of 6x. It pays to be bigger.
  • 60 transactions in 2006 with multiples remaining in the same range. 27 transactions over $20M with median multiple of 6x.
  • 2007 starts with a bang–Cisco’s $830M acquisition of IronPort at a nice 10x revenue multiple.

Symantec leads the charge w/ 20 acquisitions in the 2002-06 timeframe. Can you say “let’s figure out how to diversify before Microsoft destroys our cash cow?” McAfee and Cisco are next with 8 and 7 deals, respectively. Then Microsoft (they know they have a problem) and Verisign w/ 5 each.

About Simeon Simeonov

Entrepreneur. Investor. Trusted advisor.
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

Leave a Reply