What's the (next) deal with the DLP business?

Some industry watchers contend that Symantec's move to buy Vontu won't mark the last acquisition in the data leakage space, as a wide array of IT companies could still be looking to expand their existing DLP portfolios, but others believe the MNA ship has already sailed for the segment.

Now that Symantec has finally announced its deal to acquire data leakage prevention (DLP) market darling Vontu, some security industry watchers have predicted that MNA-related interest in the remaining independent vendors in the space will wane.

However, others believe that the fun is only just getting started.

Including the recently-consummated marriages of Symantec and Vontu, EMC and Tablus, Raytheon and Oakley Networks, Trend Micro and Provilla, and WebSense and PortAuthority -- along with a number of smaller deals -- market analysts chart the amount of money already spent on DLP acquisitions at roughly $1.62 billion, and that's only counting deals carried out since mid-2006.

And with many observers questioning the long-term viability of remaining standalone DLP technology providers, of which there are roughly 35, it would seem an ideal environment for a continued, and rapid, roll-up of many of the independent players left standing.

Among the most visible DLP targets left for potential sale are (in alphabetical order) Credant, Code Green, ControlGuard, Eagle Eye, Fidelis, GTB Technologies, GuardianEdge, NextLabs, Orchestria, Reconnex, RedCannon, Safend, Verdasys, Vericept and Workshare.

Among the most likely buyers, according to some industry watchers, are names including 3Com's TippingPoint, AT&T, BT Counterpane, Check Point, Cisco, Fortinet, IBM, Juniper, Secure Computing, and VeriSign.

And some believe that Symantec and rival McAfee -- which recently purchased SafeBoot, a company with a mix of DLP and encryption strengths, and previously bought Onigma, a relatively small DLP vendor -- still have more buying plans ahead.

Symantec executives didn't rule out further buyouts. In a phone conversation on Tuesday, Ken Schneider, CTO of the company's Security and Data Management group, said the firm will continue to assess its needs to "build, buy or partner" in the DLP space.

Schneider said he also wouldn't be surprised to see McAfee make another move, or multiple MNA deals, as he doesn't believe that the SafeBoot acquisition gives his rival as significant of a footprint in DLP functionality as some have credited it with publicly.

Yet, others question which IT companies that haven't done so already truly need to jump into the DLP space, at least from a buying perspective.

Jon Oltsik, analyst with Enterprise Strategy Group, remains unconvinced that a large number of DLP acquisitions will be forthcoming.

"It's tough to think of who is left that might be very attractive, there are definitely more sellers than buyers, and it's difficult to guess who else might buy someone, and why," he said. "Before the Vontu deal it seemed like everyone who was still looking was bottom-fishing; someone relatively large like Check Point might still be looking, but they may also be planning to build something in-house."

The analyst said that some DLP firms may have been caught out playing "chicken" with potential buyers and missed out on their chance to get paid, in many cases because they were asking too high of a buying price.

"People were wondering if that was what happened to Vontu, because if you hold out too long and everyone makes their play, this is probably too narrow of a space to do an IPO," he said. "The venture capitalists will eventually want their money back; Vontu lucked out, but the heat is on everyone who is left."

One of the names that comes up frequently among analysts in terms of vendors who may have missed their chance for acquisition is Vericept, who was rumored to be a target of EMC before the Oakley deal was announced.

"I haven't seen any big customer wins, there's not a lot of traction there, and it seems that they were banking on being acquired by EMC," said one financial analyst who asked not to be named in print. "When the EMC acquisition was on the table it was for $150 million, and then Vericept talked about it and told everyone; EMC backed away and bought Tablus and got a comparable technology at one-third of the price."

Some other industry watchers believe that the DLP fire sale has only just begun to smolder.

Nick Selby, analyst with the 451 Group, said that all of the potential buyers named above -- and many more -- could be looking to add DLP to their products, ranging from desktop security suites to back-end storage architectures -- especially if their targets can be had at a discounted price.

Selby said he definitely expects McAfee to add more DLP, specifically by bringing onboard a network appliance-type product. Symantec is getting a package of DLP tools that already meshes well with its other technologies in Vontu, but it may also need additional pieces, he said.

Among the two DLP camps -- if one separates agent-based systems from network-based systems -- the expert believes that the agent-oriented companies, such as Code Green, Credant, Guardian Edge, Red Cannon, Safend and Verdasys, will sell first.

"People prefer to unify security agents, largely because they are expensive and tough to build from scratch," said Selby. "It's also easier to sell agent-based DLP than network-based; agents are most often judged by their potential to integrate with other proven agents, and that's an easier case to build than with network-based systems, which are harder to scale in the enterprise."

Among the network-based DLP vendors left standing, Selby said that Fidelis may be the most attractive MNA candidate.

"For one thing, IBM Global Services has partnered with Fidelis on the network and Verdasys on the agent; so those companies will be valued higher than some of their peers, that's obviously a big endorsement for them that could drive interest," he said.

Copyright © 2007 IDG Communications, Inc.