As 2006 draws to a close, the information security industry is changing, following a number of high-profile acquisitions and strategic alliances.

What's behind all this activity, and is it the whole picture?

A man who knows more than most is Jay Chaudhry, Secure Computing's chief strategy officer. Secure Computing swallowed Chaudhry's previous company, CipherTrust, in a $273 million (£146 million) deal earlier this year.

"It's all down to market maturity," he says. "Those security market segments that are becoming mature will be gobbled up. Mergers and acquisitions mean there will be fewer but deeper relationships with many customers."

But, according to Chaudhry, there are still 800 security companies operating in North America. Clearly, they won't all survive, but venture capitalists' continuing love affair with IT security means that there's no shortage of well-funded start-ups.

Chaudhry predicts we will have three types of infosec outfits in the future: big companies with security as a sideline - IBM, EMC, Cisco et al; independent security-focused companies such as Secure Computing and Check Point; and start-ups.

"New threats and emerging technology such as VoIP mean there will be no shortage of innovative start-ups driving new security solutions," he says.

Chaudhry believes that the distribution of new businesses will stay focused in the US.

The prognosis for Europe is bleak, with only South Korea and Israel tipped as centres of innovation in IT security to rival the United States. "Russia has some expertise in anti-virus technology," he concedes.

EMC buys RSA $2.1 billion (£1.1 billion)
Storage king buys into encryption
IBM buys ISS $1.3 billion (£695 million)
Big blue gets to be a player in managed security services
SurfControl buys BlackSpider $20 million (£11 million)
On-demand web services are the main attraction
McAfee buys Onigma $20 million (£11 million)
Anti-virus expert adds a data protection boost
Keep up to date with developments online at