STG announced that they intend to acquire McAfee’s enterprise business for around $4B. The McAfee brand will continue to operate and focus on consumer cybersecurity. STG will pick up MVISION, Global Threat Intelligence, database security, unified endpoint security, CASB, CSPM, CWPP, DLP, SIEM, SWG, XDR, and policy management products and services.

STG picked up RSA from Dell in September 2020. When the deal closed, STG stated that RSA would remain independent and would pursue growth in their most successful product lines: Archer, SecurID, NetWitness, and the Fraud & Risk Intelligence suite. These products cover risk management, compliance, authentication, access control, single sign-on, identity governance, fraud reduction, EDR/NDR/XDR, SIEM, SOAR, and UBA.

In 2019, STG became majority owner of RedSeal, which offers security solutions for cloud, compliance, and vulnerability management.

STG is clearly making a major investment in cybersecurity technologies. For now, there are no indications that these companies will be merged. However, that may change after the transaction is finalized for four major reasons:

  1. Functional overlaps between products: software development and maintenance costs are redundant in those areas and lead to less profitability.
  2. In areas where these overlaps exist, there are product and innovation leaders and challengers. Combining capabilities into single products could make them much stronger and more competitive in the market.
  3. The breadth of coverage that these products and services provide could be integrated into a suite that enable cross-selling and up-selling for current customers of each separate brand.
  4. CIOs and CISOs, the buyers of these kinds of products, generally prefer integrated stack solutions to a multiplicity of point solutions. They’re easier to manage contractually and can be more cost-effective for enterprise customers.

To summarize: With the broad set of technologies owned by the various companies, there is a potential for building stronger, more integrated solutions and services and positioning the entity as a one-stop-shopping for major areas within cybersecurity. This will require a vision and well-thought-out strategy, underpinned by a roadmap that is consequently executed. However, with the obvious synergies across the portfolio, there is a strong potential if the various companies become fully integrated. We rate this potential as way higher than the inherent risks of any merger.

For existing customers, there is no immediate need for action. If the companies do not integrate and innovate, you should revisit the tools you have in place on whether they still meet your business requirements. This should be done for all software and services regularly anyway as part of a recurring portfolio review and optimization process.

On the other hand, an integrated approach, if done right, will enable these companies to attract more new customers and thus grow in the market.

KuppingerCole has evaluated these companies’ products in the following Leadership and Market Compasses:

Market Compass Cloud Access Security Brokers

Leadership Compass Cloud Access Security Brokers

Leadership Compass Database and Big Data Security

Leadership Compass Enterprise Authentication Solutions

Leadership Compass Adaptive Authentication

Leadership Compass Access Management

Leadership Compass Access Governance & Intelligence

Leadership Compass Network Detection & Response

Leadership Compass Identity Governance Administration

Leadership Compass Fraud Reduction Intelligence Platforms

Leadership Compass IDaaS Access Management

Leadership Compass Identity Governance Administration

Leadership Compass Enterprise Endpoint Security Anti-Malware