February 23, 2006
The booming security market is heading for a bloodbath with both
vendors and analysts expecting the number of companies selling
security applications to fall from more than 700 today to just a
handful by the end of the decade.
Toby Weiss, senior vice president and general manager of CA's security
business, told ZDNet Australia on Tuesday that there are far too many
security vendors and consolidation is inevitable over the next three
to five years.
"The market is incredibly fragmented. I was told we are up to 700
different security solutions, which is daunting for customers to keep
up with. Even if they meet with two different vendors a day it would
take them an entire year including weekends," said Weiss.
That view is echoed by Michael Warrilow, Director of Sydney-based
security consultancy Hydrasight, who said CA and Symantec seem to be
emerging as the front runners in providing a "security software
"There is no doubt that there are far too many security vendors out
there. Every man, dog and venture capitalist has been investing in
them over the past few years. In a recent US security conference there
were literally 700 vendors but many of those are going to disappear or
get gobbled up," Warrilow told ZDNet Australia .
According to CA's Weiss, the consolidation will be positive for
enterprises because they will not have to deal with a large number of
point solutions and will have less trouble integrating their products
"In the last few years customers have not been able to keep up with
that number of point solutions and there are not enough standards for
[the point solutions] to work with each other very well.
"In three to five years customers will probably be looking at one or
two vendors to help them manage their security product suite. Similar
to the networking systems management today where you would look at
maybe IBM or BMC -- but you wouldn't look at 700 different vendors,"
But this view is slammed by Hydrasight's Warrilow, who argues that
consolidation does not make integration issues disappear.
"Just because [smaller companies] get gobbled up it doesn't mean the
situation is any better. Instead of buying from 20 vendors you are
buying 20 products from one vendor," said Warrilow, who pointed the
finger at Symantec for being guilty of such practices.
"Symantec has bought 25 companies over the past few years=85 it has done
a pretty poor job of integrating the products it has bought.
Consolidation in terms of the number of vendors does not mean the
products are any better integrated and customers have any less of an
issue in terms of making them work," added Warrilow.
InfoSec News v2.0 - Coming Soon!