10 Companies Symantec Could Buy Next

Who's Next?

At Symantec's Partner Engage event in Los Angeles last week, CEO Greg Clark celebrated the company's blockbuster acquisition of Blue Coat Systems, laying out new opportunities ahead of the company around cloud and web security. However, Clark said Symantec isn't done when it comes to making acquisitions to build its massive portfolio.

"You will see us continue to do the inorganic things that we've done for many years," Clark said in a keynote at the event. "We are very serious about bringing the right portfolio to market with leading, advanced products," he said.

Clark said Symantec will be building a security story around the four pillars of information, users, web and messaging security, using both organic R&D and inorganic acquisitions. While he didn't say what areas specifically an acquisition might come in, here are ten companies that our analysis shows might make sense for the security vendor.


At the Partner Engage event, Clark touted Symantec's capabilities around next-generation endpoint security, telling the audience that the security vendor planned to take aim at up-and-coming startups in the space, like Cylance. One way the company could make a splash in the market is to acquire one of the major next-generation endpoint security players, like Crowdstrike, which offers an endpoint detection and response platform called Falcon. The solution is cloud-based, which would fit with Symantec's building technology portfolio leveraging the cloud, and is often seen as a complement to traditional antivirus solutions, where Symantec also has a strong presence. The challenge with a company like Crowdstrike in the EDR space is that it would likely fetch a high price tag.


One area Symantec could invest if it's looking to build an end-to-end security stack is in purchasing a SIEM vendor, such as LogRhythm. There were reports over the summer that LogRhythm had engaged with Morgan Stanley and JPMorgan to explore IPO options. LogRhythm offers what it calls a next-generation SIEM solution, bringing together analytics, log data, network and endpoint monitoring and forensics into a single solution. The company also already works with Symantec, helping transition customers off Symantec's Security Information Manager (SSIM), which the company discontinued in September 2013, and integrating into the company's DeepSight Threat Intelligence.

Sumo Logic

Sumo Logic is another startup that could launch Symantec into the SIEM market. Sumo Logic is a little bit of a different play than LogRhythm or other SIEM vendors; It is more broadly analytics focused, rather than strictly focusing on security. The company doesn't list Symantec as an integration or technology partner, but does count among its solution provider partners a significant number of security VARs. Doug Cahill, senior analyst, cybersecurity at Enterprise Strategy Group, said adding a SIEM vendor with analytics and forensics capabilities could be one way to "bolster its already impressive product portfolio."


One security vendor with persistent acquisition rumors is Imperva, with reports that the security vendor has received interest from several large technology companies, including IBM, Cisco and Forcepoint. Imperva would be another fairly large buy for Symantec, with annual revenues of $234 million in 2015, but offers a broad array of web application, DDoS protection, breach prevention, file security, data security and cloud security solutions. In particular, ESG's Cahill said Symantec could benefit from the acquisition of a web application firewall vendor, like Imperva, which he said would "further enhance their cloud security portfolio," especially as more web app workloads are being deployed in the cloud.


If Symantec wanted to invest in the endpoint detection and response market, but didn't want to buy one of the largest players in the market, it might choose to pursue a newer entrant, such as Cybereason. The company was founded in 2012 by former members of the Unit 8200, Israel's equivalent to the NSA, and offers a real-time detection and response solution. The result is what the company says is a "military-grade" detection, powered by automation and analytics, as well as response, active monitoring and incident response services. It does not appear that the companies have any current partnership agreement in place.

WatchGuard Technologies

While Symantec focuses primarily on the endpoint market, it could look to expand into markets where it doesn't have a presence, such as deeper into network security with firewall technology. Marc Andrews, senior vice president and head of global sales, hinted in an interview with CRN that, if Symantec were to look to expand beyond its current markets that a firewall buy could be an example of that. However, Andrews did say that the company won't look to buy any technology it can't sell through "existing sales machine." WatchGuard could be an interesting buy for Symantec, as it both offers a firewall, as well as other technologies, and also focuses on the small to midmarket, where Symantec has said it is also looking to expand its presence.


Another area Symantec could look to expand is its analytics capabilities with the purchase of a UBA or UEBA player, ESG's Cahill said. Gurucul is a fast-growing player in that market, offering a solution that leverages machine learning to provide risk and behavioral analytics to pinpoint and prioritize threats, and provide context for user behavior in an organization. The two companies already have an integration relationship, with Symantec as a member of Gurucul's Insider Technology Alliance Partner program.


Another player Symantec could eye if it were looking to build out a SIEM offering is AlienVault, which offers a unified security management platform for SIEM, log management, behavioral management, intrusion detection, vulnerability assessment and asset discovery and inventory. The solution is aimed at the midmarket, where Symantec execs said it is looking to expand its offerings, a push led by former Senior Vice President of Global Sales John Sorensen. Symantec is already a technology partner of AlienVault.


Symantec may also look to expand its portfolio is in the area of mobile application security, according to Jane Wright, a principal analyst at Technology Business Research. Wright said a company like Appthority, which offers a cloud-based service for automated scanning, analysis, risk assessment and control over mobile enterprise applications. Wright suggested Apperion, which offers mobile application management and security capabilities, could be another option in this market. Wright said an acquisition in the mobile space would expand Symantec's current relationships around PCs and workstations to the mobile workforce.

"At a time when many customers are looking to reduce the number of vendors they use, expanding its mobile application security expertise through an acquisition would help Symantec cover more of its customers' security needs in the closely related areas of endpoint and mobile security," Wright said.


While another blockbuster acquisition is unlikely, following Symantec's $4.65 billion spend on Blue Coat Systems, the security vendor could still throw the market a curve ball. Reports said Symantec had put in a bid for FireEye before its acquisition of Blue Coat, with talks ending around February. FireEye has also been struggling on Wall Street, with its stock price dropping 35 percent in 2015, and rumors of a buyout have only accelerated through 2016. Symantec has been investing big in the advanced threat protection space, where FireEye primarily plays, launching its competitive solution a year ago. FireEye also offers endpoint security, incident response capabilities, and threat intelligence, all of which are areas where Symantec has its own presence.