'

Security vendors prepare for a bloodbath

The booming security market is heading for a bloodbath with both vendors and analysts expecting the number of companies selling security applications to fall from more than 700 today to just a handful by the end of the decade.Toby Weiss, senior vice president and general manager of CA's security business, told ZDNet Australia  on Tuesday that there are far too many security vendors and consolidation is inevitable over the next three to five years.

The booming security market is heading for a bloodbath with both vendors and analysts expecting the number of companies selling security applications to fall from more than 700 today to just a handful by the end of the decade.

Toby Weiss, senior vice president and general manager of CA's security business, told ZDNet Australia  on Tuesday that there are far too many security vendors and consolidation is inevitable over the next three to five years.

"The market is incredibly fragmented. I was told we are up to 700 different security solutions, which is daunting for customers to keep up with. Even if they meet with two different vendors a day it would take them an entire year including weekends," said Weiss.

That view is echoed by Michael Warrilow, Director of Sydney-based security consultancy Hydrasight, who said CA and Symantec seem to be emerging as the front runners in providing a "security software suite".

"There is no doubt that there are far too many security vendors out there. Every man, dog and venture capitalist has been investing in them over the past few years. In a recent US security conference there were literally 700 vendors but many of those are going to disappear or get gobbled up," Warrilow told ZDNet Australia .

According to CA's Weiss, the consolidation will be positive for enterprises because they will not have to deal with a large number of point solutions and will have less trouble integrating their products together.

"In the last few years customers have not been able to keep up with that number of point solutions and there are not enough standards for [the point solutions] to work with each other very well.

"In three to five years customers will probably be looking at one or two vendors to help them manage their security product suite. Similar to the networking systems management today where you would look at maybe IBM or BMC -- but you wouldn't look at 700 different vendors," said Weiss.

But this view is slammed by Hydrasight's Warrilow, who argues that consolidation does not make integration issues disappear.

"Just because [smaller companies] get gobbled up it doesn't mean the situation is any better. Instead of buying from 20 vendors you are buying 20 products from one vendor," said Warrilow, who pointed the finger at Symantec for being guilty of such practices.

"Symantec has bought 25 companies over the past few years... it has done a pretty poor job of integrating the products it has bought. Consolidation in terms of the number of vendors does not mean the products are any better integrated and customers have any less of an issue in terms of making them work," added Warrilow.