For all the talk about a chronic shortage of exits for venture-backed companies, one segment of the venture capital technology ecosystem is poised to go from "hot" to "hotter". IT Security -- the umbrella term for technologies designed to protect the digital superhighway -- is coming into its own, and in a big way. Following on the heels of repeated breaches of government and corporate networks, widespread theft of credit card records and medical records transitioning to digital storage and delivery, the security risk index on computer networks has moved from "potentially dangerous" to "we're under siege".
With active attacks measured in the hundreds of thousands virtually daily, the old adage that a chain is only as strong as its weakest link -- in this case, the computer networks that represent the fabric of commerce (and government) on a global basis - is top of mind for chief security officers around the world.
Increasingly, these attacks are originated by state entities engaged in governmental and/or commercial espionage and highly organized criminal gangs. While the 13-year-old wunderkind who "hacks" for fun is still with us, the attacks today are orchestrated by the equivalent of PhDs as well educated and sophisticated as any in the world in search of treasure, whether it is commercial, intellectual or political. The attackers are well funded, highly disciplined and have the advantage. While those in charge of IT security work hard to successfully thwart every attack, the attackers only need be successful periodically. This boils down to electronic asymmetric warfare, and it is a surging frontier for innovation and investment among many of today's entrepreneurs.
Through the first nine months of the year, U.S. venture capital firms invested $9.2 billion, up from $8.9 billion in the same period in 2009, and a healthy dose of that was invested in security startups. This was predictable given a huge surge in recent months in acquisitions of IT security companies, which is highly likely to accelerate further. There were a whopping 16 IT security acquisitions in the last 100 days. They exceeded $10 billion in value by the estimation of myself and others.
Here is the list in chronological order, including acquisition prices if disclosed:
- On July 1, IBM acquired BigFix, a private company based in Emeryville, CA, that replaces fragmented tools, including vulnerability assessment and security compliance tools, with one unified control architecture.
- On July 7, Boeing acquired Narus, a Sunnyvale, CA, based provider of real-time traffic and analytics software to protect against cyber attacks and threats aimed at IP networks.
- On July 12, Quest Software, an Aliso Viejo, CA, based maker of technology systems management software, acquired Volcker Informatix AG, a German software company that makes products that help companies manage user identities, access privileges and security.
- On July 13, GFI Software, a Raleigh, N.C., provider of software infrastructure products for small and medium-size companies, acquired Tampa Bay-based Sun Belt Software, a major provider of Windows-based security software.
- On July 22, Mobile Media Unlimited Holdings, a London-based public company specializing in the dissemination of cell phone-based advertising, acquired Enable Software, a Warkwickshire, England, based company that empowers the interception and analysis of audio communications.
- On July 23, Digital Barriers, a publicly held London-based maker of thermal imaging equipment for perimeter surveillance, acquired Overtis Solutions, a Berkshire, England-based maker of software that prevents malicious or fraudulent data misuse. It paid 3.2 million pounds.
- On July 27, Juniper Networks acquired Columbus, Ohio, based SMobile, a mobile security firm. It paid70 million.
- On July 27, Commtouch, a public U.S. company that supplies Internet security technology to 150 security companies and Internet service providers, acquired the antivirus division of Authentium, based in Palm Beach Gardens, FL.
- Only July 29, McAfee acquired Singapore-based tenCube, a provider of a mobile security service to combat the ubiquitous problem of lost cell phones.
- On August 9, Tektronix Communications, a Plano, Texas, provider of communications test and network intelligence solutions, acquired Arbor Networks, a Chelmsford, MA, based provider of security management solutions for global business networks. Its customers include more than 70 percent of the world's Internet service providers.
- On August 4, St. Bernard Software, a San Diego based maker of web security appliances, acquired Red Condor, a Rohnert Park, CA, based purveyor of managed email security solutions.
- On August 19, Intel acquired McAfee, among the world's biggest makers of antivirus software. Intel said it acquired the company because security has become a fundamental component of online computing, including mobile and wireless devices, TVs, cars, medical devices and ATM machines. Intel paid7.7 billion in stock.
- On August 30, CA Technologies, a public company, acquired Arcot Systems, a Sunnyvale, CA, based maker of advanced authentication and fraud prevention solutions for on-premise software and cloud computing. CA Technologies paid200 million in cash.
- On September 1, VMWare acquired Los Gatos, CA, based TriCipher, a provider of secure access management for cloud-hosted service-as-a-service applications.
- On September 13, Hewlett-Packard acquired ArcSight, a Cupertino, CA, based global provider of cyber security and compliance solutions that protect organizations from enterprise threats and risks. The price was1.5 billion in stock.
- On October 4, Raytheon acquired Reston, VA*, based Technology Associates, a provider of computing engineering for the U.S. intelligence community. Raytheon said it bought the company to expand its cyber security business.
As impressive as this level of activity is, all indications suggest even a bigger spurt of security acquisitions in the months ahead. Driven by unprecedented levels of cash on the corporate balance sheets of major technology corporations and a deep-seated conviction that IT security must chronically be improved, this almost certainly will be one of the next major growth areas for technology spending. "No one argues about whether or not our IT security budget will be up," a corporate chief security officer recently told me. The only question is up by how much? We can't afford to be wrong or vulnerable."
Beyond the obvious reason, an acquisition frenzy will be further fueled by an unusually broad set of buyers interested in IT security. In addition to major technology companies, major systems integrators are showing significant interest to better meet the needs of their governmental customers and also to more deeply penetrate the commercial market. These systems integrators include Lockheed, Boeing and General Dynamics. Other major acquirers include telecommunications companies, which want to better secure the data, now all in IP packets, that traverses their networks. They also want to offer customers new data security services.
The data and the trends once again confirm that venture-backed innovation remains alive and well, at least in select areas. This is good news for enhanced cyber security, which is essential, and for all other types of venture capital-backed innovation, which is good for the U.S. economy.
Editor's note: This post originally stated that Technology Associates is based in Carlsbad, CA, but has been corrected, as that firm is based in Reston, VA.
Robert R. Ackerman, Jr. is the founder and managing director of Allegis Capital (www.allegiscapital.com), a seed and early-stage venture firm headquartered in Palo Alto. Ackerman has worked with more than 50 corporate investment partners over the past 20 years as both a venture capitalist and a startup executive.