McAfee buying MX Logic and IBM’s purchase of Ounce Labs are interesting deals, but they’re hardly earth shattering. Over the last decade, several security mergers and acquisitions have transformed the marketplace, advanced the state of the art and enshrined technologies as essential parts of the security toolkit. The following deals are my dozen favorite security mergers and acquisitions (in no particular order).

1. Juniper Buys NetScreen/Neoteris
The modern-day Juniper Networks was formed by two serial deals: Juniper buying NetScreen Technologies and a prior deal of NetScreen buying Neoteris Technologies. NetScreen was once the hottest companies in the security world with its high-performance and reasonably priced firewalls. So successful was NetScreen that it had one of the few successful IPOs in 2001 during the dot-com bust. In 2003, NetScreen legitimized the nascent SSL VPN market with its acquisition of Neoteris. Just a few months later in 2004, Juniper made a successful $3.4 billion bid for NetScreen. Not only did NetScreen transform Juniper into a networking and security powerhouse, but also noted for being one of the few successful large tech mergers in history.

2. McAfee Buys Intruvert; 3Com Buys TippingPoint
When the security industry tired of passive intrusion detection systems (IDS), they turned to new proactive technology dubbed intrusion prevention systems (IPS). The two pioneers of the new technology were TippingPoint and IntruVert, which achieved marginal success with what looked like a traffic-aware firewall that inspected and blocked what it deemed malicious activity. Neither company had been around long when McAfee bought IntruVert and 3Com bought TippingPoint in 2004. At the time, the acquisitions seemed to validate the IPS technology. 3Com never successfully leveraged TippingPoint and spin it off in 2007. IntruVert remains a part of the McAfee stable and an integral piece of the company’s risk management strategy.

3. Secure Computing Rescues Gauntlet
When Network Associates (now McAfee) finally decided that it had enough of the amalgamated security suites comprised of technologies that didn’t have much synergies, it started divesting divisions to focus on its core. The Gauntlet firewall division was sold to Secure Computing in 2002. Secure Computing, considered one of the grandfathers of the security industry, merged the Gauntlet technology with its own Sidewinder firewall to create the Sidewinder G2, widely considered a best-in-class security appliance. Ironically, McAfee got the firewall technology and appliances back last year when it bought Secure Computer for $833 million.

4. Symantec Picks Up RipTech
Before there was a broad managed services market, there were the managed security service providers (MSSPs), which offloaded on-premise firewall management and network monitoring to a remote operations center for large enterprises. Venture capitalists plowed a ton of money into dozens of MSSPs, but none capture the community’s attention the way RipTech did. No sooner did RipTech come out of stealth mode did Symantec buy it in 2002 for a cool $140 million. The deal legitimized the MSSP market and got previously hesitant enterprises interested in security services. RipTech paved the way for the formation of services such as VeriSign, MCI, Verizon, BT and MX Logic (now McAfee).

6. EMC Snags RSA Security
The worst kept secret in 2006 was that RSA Security was for sale. The company had done well when it held the DES encryption patent, but had reached a plateau as it branched out into identity management. Storage giant EMC was looking to build out a portfolio to transform itself as an information management company, and security was a big gap in the vision. In June 2006, EMC bought RSA for $2.1 billion and made a fateful decision to allow the security division to operate autonomously. Since then, RSA has blossomed into a player in data loss prevention technology, and is partnering with Microsoft to develop better data protection tools.

7. Symantec Merges Veritas
Symantec holds the record for the most expensive acquisition in the security market, the 2004 deal for storage management software vendor Veritas that cost more than $13 billion. While this ended Symantec as a pure-play security vendor, it did foreshadow the trend toward information management that included security. What makes this merger significant is that it’s proven as damaging as beneficial to Symantec. Veritas propelled Symantec to become a $6 billion business. But integrating the company proved exceedingly difficult, and a botched ERP upgrade nearly broke Symantec’s channel and revenue stream. In the wake of Symantec-Veritas, SonicWall acquired Lasso Logic for data backup capabilities and, most recently, McAfee and EMC announce a partnership to develop backup products.

8. Google Taps Postini and Green Borders
Google did the unthinkable in 2007; it strayed outside of its core search business and bought big into the security market. First, it bought Green Borders, an innovative startup desktop security company that protected Web browser sessions with a virtual sandbox. Then, it laid out $625 million to acquire Postini, a pioneer in the email security services market. Between the two deals, Google over night became a major player in the security community and the channel. The Postini partners Google inherited provide the foundation for the channel program it has today for enterprise search and Google Apps. These deals showed Google wasn’t solely interested in just search and search related products, making it a potential competitor to everyone.

9. Oracle Eclipses Sun Microsystems
On the surface, this doesn’t look like much of a security deal, but there’s an interesting security angle in Oracle’s $5.5 billion acquisition of Sun Microsystems. In 2005, Oracle bought Thor Technologies for its user provisioning technologies and Oblix for its identity management platform. In 2007, it added to the collection with the acquisition of Bharosa for identity theft detection and prevention, and Bridgestream for its identity role management systems. Oracle hasn’t made much headway in identity management, but it could with Sun. Sun is one of the few vendors with its own directory software, as well as a suite of identity management tools. The Sun acquisition could be enough to make Oracle a major player in the identity management world and transform that niche, but important marketplace.

10. Microsoft Grabs Giant and Sybari
No bigger malware target exists than Microsoft, whose software has been the favorite target of virus and worm writers for years. Microsoft has long partnered with all the major antivirus vendors, but in 2004 it decided to get into the antivirus business itself by buying European antispyware vendor Giant. In 2005, Microsoft added to its antivirus arsenal by buying Sybari, which provided a package for running multiple AV engines. The two technology sets lead to Windows Defender and, ultimately, Morro—the new Microsoft antivirus service. While Symantec, McAfee and other AV vendors loathe admitting these Microsoft acquisitions forced them to rethink their market positions and diversify. While they weren’t the biggest deals on the list, they were among the most impactful.

11. IBM Salvages Internet Security Systems
Internet Security Systems was once a crown jewel of the security industry with its Web vulnerability scanner, X-Force research team and Proventia intrusion prevention system. It was also a pioneer of the managed security services market. But ISS fell on hard times, and it sold to IBM in 2006 for $1.3 billion. IBM initially placed ISS in its global services division, leading many to believe that Big Blue just wanted ISS’s teams of consultants and security specialists. However, pieces of ISS technology are finding new life in IBM products, such as the new Continue Data Protection System.

12. Ubizen, TruSecure and BeTrusted Morph into CyberTrust
Once upon a time, there was something called the National Computer Security Association (NCSA), which later became the International Computer Security Association (ISCA) and finally transformed itself into TruSecure, a hodgepodge of security professional and managed services. Ubizen was the Belgium-based managed security services company that kept shrinking as it pushed deeper into the U.S. market. And BeTrusted, a spinoff of PricewaterhouseCoopers, provided a series of managed security services and digital certificate products. In 2004, the three struggling companies merged to create one large struggling security services company. In 2007, telecom giant Verizon acquired CyberTrust as the cornerstone of its current managed security services. This provided the roadmap for other telecoms to enter the managed services market.

These are my choices as the most interesting and significant. Yes, many interesting security deals didn’t make the list, like IBM buying Access 360 to get into identity management, CA buying PestPatrol, Symantec’s purchase of Axebt for its VelociRaptor firwalls or Cisco buying IronPort. I’m sure there are many more out there that escape my memory, too. Feel free to add to this list. What are your favorite security mergers and acquisitions?