The information security marketplace has been hotting up quite a lot over the past few months and looks like it will continue to do so into the near future.  As we suffer more and more attacks the battle cry from many of the major vendors seems to be “Thar be gold in them there ills”.  Mike Rothman, the Pragmatic CSO, has an excellent write up on his Security Incite Blog on how information security professionals should deal with the situation when one of their vendors is being acquired by another company.  Some of the key points Mike outlines with regard to Symantec’s proposed takeover of Vontu are;

1. Wait for the deal to close – Until the deal closes, there is nothing really to talk about. Lots of SYMC people and Vontu people will be sitting in meetings, talking about integration and the like. But until the papers are formalized, nothing is going to happen.
2. Ask for a sit-down with your Vontu rep – If they are still there after the close, then you’ll want to have a sit down with your Vontu account team. Remember, you spent an average of over $400,000 for the software, so you deserve to hear what the integration plans are, if/how the product strategy is changing, and what benefits you will see from the deal.
3. Sit down with your SYMC rep –  Just in case they forget to show up at the last meeting, you should also meet separately with the Big Yellow rep. He/she needs to be able to explain to you how your Vontu purchase and continued support (read maintenance renewal) will impact your current volume deals. $400,000 is a lot of AV renewals, so you should have a bit of leverage. Every market in security is competitive, so use that leverage to save some coin.
4. Invite Competitors B and C back in – Since you want to make sure you continue to have Plan B and C, re-establish the dialog with the DLP vendors that didn’t win the deal the first time around. They know why they are there, and make it clear that no decision is forever and if SYMC bungles the integration, you’ll be in the market for another solution. Learn what kind of pricing concessions are on the table and also how the migration process would work.
5. Hope a bit – Hope isn’t a strategy, but it can’t hurt – can it? So pull for the integration to go well and your previously small vendor to have lots more resources to support you better and bring new capabilities to market. There are clear advantages to having a big bankroll, maybe they’ll take advantage of them.

I strongly recommend you have a look at Mike’s Blog.  He will make you think differently about information security.  If you have not done so already, his book The Pragmatic CSO is also a good read for those starting off in Information Security and those of us who have been around the block a few times.