Symantec's acquisition of MessageLabs

Jonathan Penn

This acquisition extends Symantec into the security software-as-a service (SSaaS) market, but it doesn’t in itself provide any proof that Symantec is looking at SSaaS strategically.
For example, we have not yet had any indication from Symantec that it is conducting
a portfolio-wide SSaaS opportunity analysis.

Rather, this appears to be a
tactical move into the most mature area for security outsourcing -– results from our Enterprise And SMB Security Survey, North America And Europe, Q3 2008
show that content filtering is the most commonly managed/outsourced security
function (31% of organizations surveyed have procured content security as an managed
or outsourced service).

That's a shame. As we have written recently when analyzing the market for security outsourcing,
we've seen security outsourcing grow 22% for 2007, and we expect it to continue outpacing growth of the overall security
market. IT Security groups are reeling under the pressure of a skills shortage, the desire for cost transparency and predictability if not outright cost reduction, and a need to alleviate themselves from tactical and operational functions so they can have time to focus on more strategic initiatives and areas. All of these are strong factors driving the market for security outsourcing.

As for the acquisition itself, Symantec will undoubtedly look to rationalize technology
across the product/service realms. It’s not likely that much of MessageLabs'
technology could be easily productized, given that it was designed as
a service from the start. So there is some risk of disruption for MessageLabs customers as
Symantec replaces as well as augments some MessageLabs functionality with its own, but nothing at this time warrants that customers start looking elsewhere. And the move strengthens Symantec's overall market footprint in
content security, though Symantec still remains weak to non-existent in the Web
content security space.

Obviously, this wasn’t a direct response to Mcafee’s
acquisition of Secure Computing
, given the close proximity of the two announcements. But it is certainly evidence of the market's consolidation trend (stay tuned: within the next month, I’ll be
coming out with some research on the extent and pace of security acquisitions).

Indeed, this is by no means the end of the heightened acquisition activity we've been witnessing in the security market. On the contrary, far more acquisitions are likely. Not only could (should!) Symantec jump into the Web content security space by acquiring a vendor like Finjan or Mi5 Networks, but other big vendors with cash on hand will see attractive acquisition opportunities arise in the current economic climate.