In the security industry, successful companies need to have breadth and scale. Security is and will remain an overhead function, so end users must strive to balance broad coverage against efficiency to control, and hopefully reduce, overhead. Scoff as you may, but integration at all levels of the stack does happen, and that favors bigger companies with broader product portfolios.

That trend drove Sophos’s rather aggressive move this morning to acquire Astaro, a UTM vendor. I won’t speculate on deal size, but Astaro did about $60MM on the top line last year and was profitable. They also were owned by the management team (after a recent buy-out of the investors), so there was no economic driver forcing the deal. So you have to figure Sophos made a generous offer to get it done.

And congrats to Sophos for not mentioning APT in the deal announcement – not even once. At least the Europeans can show some restraint.

Deal Rationale

Get big or get out. It’s pretty simple, and given the deep private equity pockets (APAX Partners) that acquired Sophos last year, it’s not surprising for them to start making aggressive moves to broaden the portfolio. We believe Astaro is a good partner, given the lack of overlap in product lines, general synergies in the target market, and ability to leverage each other’s strengths. Let’s hit each of these topics.

First of all, Sophos has no network security products. There are only two must-have mass market security technologies: AV and firewalls. If Sophos is going to be a long term player in the space they need both. The only overlap is in the content security space, where Sophos has email and web security gateways. But Sophos’ products are hardly competitive in that market so moving customers to Astaro’s integrated platform makes sense.

We also like the value Sophos’ research team can bring to Astaro. Clearly reputation and malware analysis is valuable at all levels of the security stack, and Astaro can make their network security products better immediately by integrating the content into the gateway. Astaro brings a lot of customer intelligence to the table. By that I mean Astaro’s real time link to each gateway in the field and granular knowledge of what each box is doing, where it’s deployed, and what it’s running. That kind of intelligence can add value to endpoints as well.

Both companies have also largely targeted the mid-market – although they each point to some enterprise accounts, the reality is that they excel with smaller companies. They’ll be strong in EMEA and Asia, but have their work cut out for them in the US. The ability to field a broad product line should help bring additional channel partners onboard, perhaps at the expense of less nimble AV incumbents.

There are also some good cultural synergies between the companies. Both European. Both known for strong technology, and not such strong marketing. Given that both endpoint and network security are replacement markets, it’s usually about sucking less than the incumbent, and we think the bigger Sophos should be able to grow share on that basis.

Achilles Heel

Keep in mind that Sophos did one other deal of this magnitude, Utimaco, a couple years back, which turned into a train wreck. The real issue in the success of this deal isn’t markets or synergies – it’s integration. If they didn’t learn anything from the Utimaco situation this won’t end well.

But current indications are that they will leave Astaro as a stand-alone entity for the time being, while looking for good opportunities for integration, which would be a logical plan. The key will be to make both product lines stronger quickly, with limited integration. Check Point never did much with their endpoint offering because it didn’t leverage the capabilities of the perimeter platform and vice-versa. Sophos can’t afford to make that same mistake.

We also hope Sophos locked in Astaro’s management for a couple years and would look to leverage some of that talent in bigger roles within Sophos.

Competitive Impact

Having offerings on both the endpoint and network gives Sophos a differentiated position, with only McAfee (of the big players) having products in both spaces. Given the need for mid-market companies to alleviate the complexity of securing their stuff, having everything under one roof is key. Will Symantec or Trend now go and buy a network security thingy? Probably not in the short term (especially given the lack of compelling choices to buy), but in the long run big security companies need products in both categories.

Overall, we like this deal. The devil is in the integration details, but this is the kind of decisive move that can make Sophos one of the long term survivors in the security space.