Between startups securing millions of dollars in venture capital funding and larger companies gobbling up smaller companies, IT security is red hot, with no signs of cooling off soon.
October was a record month for security acquisitions, with more than 10 deals and total costs in excess of $1.5 billion -- and that's counting only the ones where financial terms were disclosed. While the pace may slow a bit for the remainder of the year, expect more to come as companies scout for new tech, talent, and market opportunities.
This is by no means a complete list, but the following acquisitions were announced in October:
- Cisco announced plans to buy Lancope for $452.5 million.
- Trend Micro announced plans for HP TippingPoint and associated network security products for $400 million.
- Thales Group agreed to acquire Vormetric for $400 million.
- CyberArk announced it would acquire Viewfinity for $30.5 million.
- Rapid7 snagged Logentries for $68 million.
- VMware acquired Boxer, an email management startup, for an undisclosed amount.
- Digital Guardian bought Code Green Networks for an undisclosed amount.
- Wombat Security Technologies said it was acquiring ThreatSim for an undisclosed amount.
- Microsoft announced it will acquire Secure Islands for between $100 million and $150 million.
- Vasco Data Security agreed to acquire e-signature firm Silanis Technology for $85 million.
Clearly, it's easier to buy innovation than to build it from scratch. CyberArk bought Viewfinity to extend its privilege management capabilities, and Rapid7 bought Logentries to beef up its machine learning and search analytics. VMware plans to roll email management app Boxer into AirWatch to provide email security on mobile devices. Trend Micro already has a solid endpoint security business, but it gained a whole network security division with the acquisition of HP Tipping Point.
Cisco CEO Chuck Robbins, who replaced longtime CEO John Chambers in July, has said in the past that he planned to expand Cisco's security capabilities through both acquisitions and internal development. Cisco alone has spent more than $1 billion on security acquisitions in 2015. The company's Lancope buy in October was part of the Cisco Everywhere strategy to secure networks, Internet of things, and everything else in between.
While technology is important, acquisitions are also about hiring. The buying company gains a team of talented individuals who already know how to make, fix, and sell the technology. Hundreds of million dollars is a lot of money, but for companies like Cisco, it's actually much less than what they would have spent recruiting, hiring, and on-boarding a full team.
It's also cheaper to buy an existing customer base. Trend Micro went from not having a strong presence in network security to being one of the big players in one swoop. There's good news for customers who've bought into the acquired solutions: The new company is interested in keeping paying customers around. While watching companies trade hands can be a little unnerving, it's typically business as usual.
Despite all the fuss in October, the industry has room for more consolidation. Last week, CRN reported Intel Security is planning to sell its Stonesoft business, which includes the next-generation firewall and network security portfolio, for $389 million to Raytheon-Websense. And all eyes are on Dell to see what the PC maker will do with RSA, the security division it acquired as part of this month's $67 billion acquisition of storage giant EMC.
Dell also filed a confidential IPO for its SecureWorks business, according to the Wall Street Journal. Plus, don't count out the new Hewlett Packard Enterprise as it transforms its Enterprise Security Products division. Users will continue to seek the best of breed from the vendors they work with.
Correction: This story as originally posted misidentified Thales Group and Code Green Networks. The article has been amended.