The strategy, however, does have its risks, analysts observed.
"In order to compete in this market you have to offer more than what your solution does, and if you don't have the cash for an acquisition, OEM is a good way to go," said Paul Stamp, analyst with Forrester Research. "In some ways, it is less risky than doing acquisitions because you don't have the upfront cost, but in other ways it can be more risky when the company your partnered with is competing for the same budget, or if they're acquired by someone else."
For instance, Stamp said he believes that since Sophos launched its own line of security appliances, its deal with IronPort has "soured."
"When you start to expand your product line, internally or via partnerships, you need to be careful not to tread on existing partners," Stamp said. "Nonetheless, we believe that this is a business model that will become more common in the security market."