Symantec to snap up Vontu?

Rumors are swirling that Symantec may acquire start-up Vontu in a deal that hardly would come as a surprise, as large security giants scramble to add data-leak prevention technology to their product portfolios.

While officials at Symantec and Vontu decline to comment, such an acquisition would be the latest in a handful of examples of large security companies buying data-leak prevention players in the past twelve months. For example, EMC’s RSA group in August announced plans to acquire Tablus for an undisclosed amount, while Cisco earlier this year acquired IronPort (which offers data-leak prevention features in its e-mail security appliance) for $830 million. Late last year, Websense bought Port Authority Technologies for $90 million, and McAfee bought Onigma for $20 million.

Click to see: Disappearing DLP vendors

With Cisco, McAfee and EMC’s RSA already in the game, Symantec needs an answer for customers asking how they can protect themselves from insider threats.

Such acquisitions are reducing the ranks of independent data-leak-prevention players to very few, but are generally good news for the customers of such smaller companies. Becoming part of a larger company means their products probably will have a longer life than if the start-ups tried to go it alone, one analyst says.

“If Symantec buys Vontu, I think it’s good news; the products do work very well together at the gateway,” says Nick Selby, senior analyst and director of The 451 Group’s enterprise security practice. “While Symantec tends to be where good technology goes to die, it’s a very easy upsell for Symantec. And it’s good for other vendors in the space because it pulls their main competitor off the line.”

Such an acquisition also would bode well for customers looking to have data-loss-protection features integrated with other security products, which is where this market is heading anyway, Selby adds. “For existing Vontu customers, they would go from buying from a vendor to whom anti-data leakage was everything, to it being an important piece of something much bigger,” which is how the products should be viewed anyway, he says.

One customer of Vontu competitor Reconnex says he’s not concerned with his vendor’s ability to make it as an independent company, but worries what would happen to Reconnex products if the vendor were to be acquired. “We’ve had these situations where some of our vendors were bought and the service and product went downhill, so we left them,” says the customer, a security professional with a large technology manufacturer who asked not to be named.

The flurry of acquisitions of data-leak-prevention vendors by large security companies in the past year validates the need for these products, says one Reconnex executive. “Symantec or any large vendor first looks at the market and makes decisions based on their ability to deliver a home-grown solution vs. the time to market,” says Faizel Lakhani, Reconnex’s vice president of marketing. “Data-leak-prevention products are sophisticated [and] have taken vendors years to develop, and companies like Symantec can see the immediate value of acquisition vs. waiting to build it.”