Research

Yesterday, our friends over at Marker Advisors shared some information on what they see on the financial side of the IT security world. Today they follow up with a brief conclusion about how this is playing out. We’ve seen a ton of M&A activity ourselves, and have even written about it before. We’re seeing exactly the same trend- from a valuation standpoint it’s a buyers market, but many sellers are hanging on, hoping for a better exit. I think it will be fascinating to watch this dance play out at RSA this year, and plan on asking Randy and Russ for a follow-on post once we all get back from the show. M&A activity happens in cycles that are directly related to major product buying cycles. In times of slow growth, larger companies that can invest in the future try to project the ‘next big thing’. They then identify and purchase technology / expertise that will hopefully prepare them for the next upswing. The software business has always been one where ‘the rich get richer’. Large companies have the cash and cash flow, the sales organization, and the market presence to use downturns to augment their product lines. We have seen both traditional software companies (ORCL, MFE, SYMC, QSFT, OTEX, CA, BMC) grow via acquisition, as well as nontraditional buyers (IBM, EMC, HPQ) enter the market. As we came out of the 2001 – 2002 slowdown, M&A activity increased materially. However, in the last couple of years, as that cycle waned, combinations slowed. Marker believes another M&A cycle is imminent. Today, we have many interested buyers, but few sellers willing to entertain today’s valuations. Although we are not going to the valuations of 2006 / 2007 anytime soon, they should trend higher in time, and buyers and sellers will meet somewhere in the middle. Smaller public and private organizations desiring to be acquired should be preparing their business for this next M&A wave. How a company reacts and positions itself in the short term will eventually determine whether or not they are one of the prize catches, or one of the throwaways. About Marker Advisors: Marker is a research consultancy firm specializing in the software industry. We work with senior company management as well as sophisticated industry investors to create shareholder value. We provide detailed market intelligence, business and product strategy, and M&A advisory services. Share:

The big news at Securosis this week was the launching of Project Quant! Not only are we excited about working with some of the team members at Microsoft, but we are going to be really pushing the boundaries of our Totally Transparent Research process. Rich has been furiously setting up the infrastructure all week to support the public discourse for the project, and he just got it finished in time for launch. We are grateful that there is a ton of interest out there as we have been getting numerous tweets and email on the subject, and well as a ton of press on the project from eWeek, Dark Reading, ZDNet, and Dennis Fisher at ThreatPost. Jeff Jones posted an announcement on his Security Blog, plus there is coverage by Peter Galli on Microsoft’s Port 25 blog as well! There won’t be a lot of content pushed out next week as we are crazy-busy next week, but this will be a full time effort come May. On the personal side, I got a couple phone calls again this week. You know, the “My computer is doing FOO, and it stopped working” phone call from friends and family. As sure as the sun rises in the morning, I got another call today from a friend who has their machine infected with some form of malware. IE is completely locked, and when they try to use it now, all they get is an advertisement to purchase AV and anti-malware! After a few hours of someone in the family browsing risky sites and downloading music from dubious locations, it looked like they had managed to get infected with something that was not going to easily surrender. It passed the Eye Chart test, but I was not convinced that it was (or was not) Conficker. The next question of course is “How do I fix it?” and my response is “stop doing what you did to get it infected in the first place!” The snappy retort does not make me very popular, but why fix it and have them do it again a week later? Almost immediately I feel bad for them and go ahead and fix it. Most of the people who call use their computer to run their business. This is how they make their living. They are hosed. They will lose two or three days of revenue and piss off their clients if they don’t get back up and running ASAP. Can the virus be removed without permanent damage? Maybe, maybe not. A fresh install is probably the only way to be sure you got it. Serious education on what not to do is what it would take to keep it from happening again. Any way you slice it, this is a painful process. There are a lot of commonalities across this group: They use IE 6.x on Windows. They do not make backups. They do not keep the original software media or software licenses. They use their machines for their business. Their machines run very slowly, and have for a long time. They browse -everywhere-. They have never met an email link they would not click. They download lots of applications and music. They install a lot of free Internet applications just to see what they are. They have never uninstalled a program. They do not run disk cleanup. They have Norton or McAfee. They have malware and adware on the machine. They do online banking. There is no password on the machine. The machine is multi-use by/for all family members. They have never looked at IE settings. They are unaware that there are other browsers. I feel bad half the time, because I cannot fix the problem without a re-install. When I do re-install, getting the computer to where it was before the infection is a full day’s work … spread out over a week or more. Man do I have sympathy for the corporate IT guys who have to put up with this for a living! “Where are my bookmarks?” “Why does the computer do this?” “I can’t print!” “Why is this over here when it used to be over there?” Part of me wants them to feel a little pain, in order for them to appreciate that performing every risky act on your computer has consequences, but what really needs to happen is some education for the home user. I have been on this topic for some time, and I feel fairly strongly about it. Enough so that I even bought “Security Mike’s Guide to Internet Security” when it was still vapo-bookware to loan to family members to raise their awareness. Not that they would have read it before their computer imploded, but it would be there for them as they waited for InstallShield to complete its tasks. I know that security professionals need to help not just the vendors and IT organizations who have security challenges, but the end users as well. I am going to be cherry-picking a bunch of our old posts and putting them into the new Research Library for end user assistance and tips. Certainly not our focus, but something we will continue to build. And now for the week in review: Webcasts, Podcasts, Outside Writing, and Conferences: Martin and Rich on the weekly Network Security Podcast. Rich joined Amrit Williams of BigFix on the Beyond the Perimeter podcast. Favorite Securosis Posts: Rich: Our guest post from Marker Advisors on A Financial Analyst’s Perspective. Adrian: Pin Crackers post, raising some discussion points to Kim Zetter on the Wired Threat Level site in regards to “PIN cracking”. Favorite Outside Posts: Adrian: I liked Ronald McCarthy’s down-to-earth discussion of Ubuntu Security. Rich: Alex’s comments on Project Quant. Don’t worry Alex, we are all armed with ‘Multitools’ and chewing gum! Top News and Posts: An Examination of the Twitter Worm. The Verizion Data Breach report is out. It’s good. Read it when you get the chance, but some of the editorial posts are advised as well,