From Bugbear to SoBig to Blaster, the wave of virus and worm attacks this year has proved that existing security defenses are inadequate or too complex to get the job done. Consider this: 83% of companies say they've been hit by viruses and worms this year, though most have already spent heavily on antivirus and firewall software, according to a soon-to-be-published Yankee Group survey of 404 companies with more than 500 employees.

Last week, several security vendors made acquisitions that may help customers improve system and network protection. "What strings all of these acquisitions together is the fact that current security offerings aren't doing an adequate job," says Eric Ogren, a senior Yankee Group analyst.

Internet security and infrastructure-services firm VeriSign Inc. says it will acquire privately held managed-security services provider Guardent Inc. for $140 million in stock and cash. Mark Griffiths, VP of security services at VeriSign, says the acquisition will help the company's ability to manage intrusion-detection systems and bolster its vulnerability-assessment and security-consulting services.

The VeriSign-Guardent deal, expected to close in the first quarter of 2004, leaves only a handful of smaller managed-security services providers, including Counterpane Internet Security, RedSiren, and Solutionary, which compete with larger providers such as Computer Sciences, IBM, and Unisys. Just two years ago, dozens of such companies existed.

In another buyout, VPN and firewall vendor Check Point Software Technologies Ltd. acquired desktop firewall maker Zone Labs Inc. for $205 million. Check Point will pay $92 million in stock and $113 million in cash. Zone Labs also is known for its Integrity application, which helps companies enforce their security policies.

Lloyd Hession, chief information security officer at financial-network provider Radianz Inc., says management of security apps needs to be simplified. "You have to integrate security into the desktop, and that's what it looks like Check Point is going to do," Hession says. "Check Point has been taking a lot of flack recently for not having a strategy. They had to make a move like this."

The third deal of the week was the acquisition of Gibraltar Software Inc. by patch-management vendor Shavlik Technologies LLC. Terms weren't disclosed, but the acquisition will enable Shavlik to expand its patch-management applications for Microsoft Windows to support other operating systems, including Solaris and Red Hat Linux. Shavlik hopes the acquisition will help it support customers' needs to keep all their operating systems secure.

Patching is proving to be a costly exercise. According to the Yankee Group survey, it can cost up to $234 to patch each desktop. So it would cost a company with 5,000 desktops more than $1 million to apply a single patch, analyst Ogren says.

Whether security vendors will be able to ease the burden of expensive hacks and virus attacks remains to be seen. But businesses are bracing for another brutal year. More than half of the companies in the Yankee Group survey say they'll be spending more on antivirus, firewall, and intrusion-prevention applications.