Symantec's Expected Acquisition Of Veritas Reflects Changes In The Security Game

At the heart of the change is a realization that the heyday of security as a hot, stand-alone market may be coming to an end, according to Wall Street analysts and other industry observers. Security as an IT discipline is moving from client-based protection to more of a network-centric approach, as evidenced by the moves of security vendors such as Symantec, McAfee and Trend Micro to partner with network vendors like Cisco Systems, they said.

Storage, too, has lately become part of the security conversation. For example, in October, Symantec introduced its LiveState Recovery products. Also, large vendors like Computer Associates International, which have both security and storage, are selling the products as complementary.

Such trends would make Symantec's plan to acquire Veritas a good move, observers said.

"I think the trend is set for companies to demand a single solution for storage and security, and this deal makes sense," said one Wall Street analyst, who requested anonymity.

Symantec's strategy to add an enterprise storage play to its security arsenal would mimic CA's approach, illustrating how tightly integrated security and storage will be going forward. Yet unlike CA, which came from data management and moved into the security space, Symantec would be moving from security into data management, said Tom Kuni, president of SSI hubcity, a Metuchen, N.J.-based VAR and a partner of both Veritas and Symantec.

"It puts Symantec in position to help manage data from the security point of view. It's a great move on Symantec's part. They identified the trend: Customers are looking for one-stop shopping. They are looking at data assurance," Kuni said.

"It's a visionary position statement for Symantec," he added. "If [the deal] goes through, it creates and gives them a dominant presence in the major league of corporate software players."

However, where an acquisition of Veritas by Symantec would leave other pure-play security vendors like McAfee, Fortinet, SonicWall and others remains to be seen.

McAfee denied rumors it was for sale during the summer, when it was busy divesting the unprofitable Sniffer product line and reducing its employee head count. But financial analysts continue to watch McAfee for signs that it may be acquired. "[McAfee] has prettied itself up for a possible sale, that is for sure," one analyst said.

McAfee officials declined to comment on the situation.

Symantec saw the writing on the wall that security alone wouldn't be enough and that it needed to flesh out its offerings toward secure network data management to survive, analysts said. Symantec CEO John Thompson recently said the Cupertino, Calif.-based vendor is set on making itself less of a pure-play client security vendor and more of a data management and "information integrity" vendor that has greater appeal to C-level executives.

"For over a year, Symantec has been talking about a broader management vision--essentially aiming to break down the individual silos of security management, storage management, systems management and ultimately even network management with a more holistic approach," Goldman Sachs analysts Sarah Friar and Brenden Smith said in a report. "The boundaries of these areas are blurring, and we hear comments from CIOs on business themes such as 'resiliency,' the ability to protect my IT assets in an ongoing way--traditionally a security problem--but when disaster strikes to restore from a backed-up version to the most current state, traditionally a storage problem."

Another Wall Street analyst said his firm has become "more cautious" of pure-play security vendors in light of the expected Symantec-Veritas deal. "It's adding a storage company, which have much slower growth. Then you have to ask, how hot is pure security anymore?" he said.

Symantec has been growing at about 30 percent a year, compared with approximately 10 percent for Veritas, which means that if the deal goes through, Symantec will cut its growth rate roughly in half, said another analyst, who asked not to be identified. And the fact that Symantec would be willing to slow its growth to expand its offerings is yet another sign that "the peak of the growth rate in the security market may be behind us," the analyst said.

Goldman Sachs' Friar and Smith see a possible Symantec-Veritas deal as part of a larger picture of IT sector consolidation. "Industry consolidation is likely to remain an ongoing theme across the technology sector, and with the pace likely to accelerate in the aftermath of Oracle-PeopleSoft, midsize vendors such as Symantec and Veritas are presumably faced with the choice of being either proactive or reactive to whatever wave of consolidation comes next," they said in their report.

"The Oracle-PeopleSoft deal is starting to force some hands to be played," another Wall Street analyst said, declining to be named.

A combined Symantec-Veritas would be a formidable competitor, according to Friar and Smith. "While clearly a bit unconventional and far beyond the scope of most Wall Street speculation in the past six months, a combined Symantec-Veritas entity would yield a market-leading portfolio of products and installed bases spanning both storage and security, consumer and enterprise, and channel and direct," they said in their report. "Combining our calendar-year 2005 estimates for the two companies yields revenue of more than $5 billion, which would make it one of the largest software companies in the world. The merger would also eventually create the first truly unified data-protection/security/recovery product suite to more easily gain the attention of tier-one CIOs."

Though the networking and security spaces are indeed crossing over, a Symantec-Veritas union would only touch on that trend, according to Kip McClanahan, CEO of security vendor TippingPoint. Earlier this week, networking vendor 3Com unveiled plans to acquire TippingPoint in a move to add TippingPoint's lineup of intrusion-prevention solutions.

"Networking and security are converging. You see that in the 3Com-TippingPoint announcement, and you see a little of that in the potential Symantec-Veritas deal," McClanahan said. "However, I think the big idea here has more to do with John Thompson's vision for the future of the NSM [network security management] market than the notion that networking and security converging. Personally, I have to wonder if there are other, smaller deals that would deliver more bang-for-the-buck and could take Symantec into new markets."

Symantec and Veritas have declined to provide details about an acquisition plan, other than to say that talks are progressing.

News of a merger, however, has confused some solution providers, who said Thompson's message about Symantec's transition from security to "information integrity" may not have resonated in the channel.

"How this fits into their overall strategy, nobody seems to know," said Steve Goldsby, CEO of Integrated Computer Solutions, Montgomery, Ala. "I think some other companies--the competitors--are drooling over this. Other than antivirus, I don't see how [Symantec is] executing effectively with any of its other technologies. Cisco acquires companies for a song, and they integrate the technology and everything they own. I think this will cause a bunch of Symantec's customers to step back and evaluate Symantec's strategy. It's a dysfunctional entity."

Some solution providers also expressed concern about how good of a channel partner a combined Symantec-Veritas might be. "[Symantec's] current product line makes them a contender against McAfee, Check Point and CA. A merger with Veritas would put Symantec in a league of their own," said Steve Palange, president of TLIC, Wakefield, R.I. "I've had problems working with Veritas in the past, as I suspect other resellers had as well, but I have never had a problem working with Symantec. This is a company that executes superbly on all points."

Mark Teter, CTO at Advanced Systems Group, a Denver-based solution provider, said acquiring Veritas would make a lot of sense for Symantec. "Over the long term, this is a good technology marriage. A big concern with storage networks now is storage security. It isn't being successfully done with small, outside-the-box companies," he said. "So the marriage of data and security is a good opportuntity, a windfall for Symantec."

MATT VILLANO and JOSEPH F. KOVAR contributed to this story.