Symantec Corp. is entering the encryption market, acquiring encryption giant PGP Corp., and GuardianEdge Technologies Inc., in a $370 million deal that will integrate the two vendors' platforms into Symantec's centralized management platform

Symantec paid $70 million for San Mateo, Calif-based GuardianEdge and $300 million for Menlo Park, Calif.-based PGP. The agreements are subject to regulatory approvals and are expected to close during the June quarter.

Symantec president and CEO Enrique Salem said both companies' product lines could be integrated across Symantec's product portfolio lines, including its Software as a Service, backup and recovery and security offerings. Symantec currently has an OEM relationship with Guardian Edge and PGP.

GuardianEdge Hard Disk Encryption and Removable Storage, backbone Symantec's Endpoint Encryption Product as well as the Altiris Total Management Suite. PGP's encryption technology, meanwhile, resides in the Symantec Data Loss Prevention offerings, which are based on the former Vontu solution. Symantec acquired Vontu in November 2007.

This is Symantec's first acquisition in the encryption market. One of its principal rivals, McAfee Inc., acquired SafeBoot Corp. in November 2007. SafeBoot was an encryption and user authentication vendor; SafeBoot is now the McAfee Endpoint Encryption product

Salem said he's seen increased interest and inquiries from customers about investments in DLP, but said customers want encryption capabilities as a first line of defense. He singled out PGP's encryption key management as a driving factor in his company's pursuit of its longtime partner.

"Encryption is important, but what is more important is that you have policy-driven approach to the management of encryption keys," Salem said. "PGP allows us to offer key management across the breadth of our portfolio."

Symantec's $300 million acquisition of PGP, can enable it to offer its customers a full range of full disk encryption (PGP) and removable media encryption (GuardianEdge); Salem added that since are both OEM partners, he expects any integration issues to be minimal.

"At this point, we see an opportunity to go way beyond removable media and hard disk encryption, and have a policy-based key management infrastructure across the range of products we offer," he said. Earlier this year, PGP acquired ChosenSecurity. The move brought PGP into the identity management space as well; ChosenSecurity's offerings bring security and trust of individuals taking part in SSL transactions, as well as the authentication of mobile applications and the creation of digital signatures. Salem added that Symantec would be able to move trust and encryption onto endpoints, leaving server authentication and trust to leaders such as VeriSign Inc.

"This helps us move further into identity [management] and trust of individual users," Salem said. "Expect us to do more around trust."

Symantec has had a close relationship with GuardianEdge, licensing its technology for its endpoint protection suite. The relationship was so close that Nick Selby, a former industry analyst, said he predicted in 2009 that the two vendors would come together. Selby, currently managing director of Trident Risk Management, a security consultancy, said the acquisition gives Symantec a boost over Sophos Plc. and brings it closer to its rival McAfee. Both vendors added encryption capabilities by making their own acquisitions. (McAfee acquired Safeboot Inc. in 2007, and Sophos acquired Utimaco Safeware AG in 2008.)

Selby said Symantec shouldn't have many integration issues. While there is some overlap, the two vendors mostly complement each other, helping Symantec integrate encryption across data loss prevention, email and file and server protection. Integrating PGP's key management platform into the Symantec Protection Center will help centralize encryption management, he said.

"PGP will give Symantec the ability to provide more integrated and widely deployed key management and better policy controls over key management," Selby said. "GuardianEdge is very good at removable media and mobile device encryption and they're better at rolling encryption out and updatability."

Selby said, Symantec will have to demonstrate that it can continue to improve in integrating its acquisitions, as it did with its acquisition of DLP vendor Vontu in 2007. Integrating encryption and key management into an heterogeneous, enterprise-wide portolio is a non-trivial task. If done successfully it can be a huge growth opportunity for Symantec, he said.

Less than a week after Symantec's acquisitions of encryption vendors PGP Corp. and GuardianEdge Technologies Inc., the rash of consolidation in the computer security market continued Monday when Sophos agreed to sell a majority interest to global private equity group, Apax Partners

Terms were not released, but the company is valued at $830 million, according to a news release. Minority shareholders TA Associates will also sell its full interest in Sophos to Apax. Sophos, which specializes in endpoint security and antimalware protection, said it had revenue in excess of $260 million as of March 31, the end of its fiscal year.

Apax Partners, meanwhile, focuses on five business sectors, including technology and telecommunications companies.

Sophos, based in the U.K., was one of the largest remaining standalone security vendors, trailing Symantec Corp. and McAfee Inc. for leadership in the endpoint security space, and McAfee in the sale of data protection suites, according to the Sophos release.

"As the market continues its migration from point solution to tailored, unified security suites, Sophos' strategy to offer the world's most resilient, cost effective solutions without any additional complexity remains key," said Sophos CEO Steve Munford, in a prepared statement. " Apax's financial backing, combined with Sophos's deep understanding of security and data protection is great news for our customers, prospects and partners."

"We identified the security software space as an attractive investment area for us given its rapid growth driven by ever increasing malware threats and high barriers to entry," said Salim Nathoo, a partner in the Tech & Telecom team at Apax Partners. "Sophos is a very strong platform and is gaining market share. Apax's strong track record and industry specific knowledge in the technology sector makes Sophos a perfect fit."

Sophos founders Dr. Jan Hruska and Dr. Peter Lammer will keep a minority share of the company.

TA Associates, which sold its full interest in Sophos to Apex, remains in the security space. The investment firm paid more than $200 million in 2009 for a stake AVG Technologies Inc.

Mergers and acquisitions are done for many reasons. Sophos customers should look more closely at how the company communicates its strategy and focuses its resources, said Jonathan Penn, a vice president at Forrester Research Inc. Selling a majority stake to a private equity firm could be a sign that the firm is gaining the financial resources it needs to expand the company, he said.

"They could be using this as a foothold to develop a broader security play," Penn said. "This could be good news for [Sophos customers] because there's some backing and financial resources to expand the portfolio and in the end that's going to make for a more stable and deeper partner."

Penn said Sophos was one of the first to expand beyond threat management at the endpoint to more proactive data protection. "They definitely have some praise on the ease of implementation, simplicity of management," he said.

Like many security vendors in this space, Sophos has had a difficult time competing against Symantec and McAfee, Penn said. The highly competitive market for endpoint security includes Microsoft, Trend Micro, Kaspersky Lab, and F-Secure, among others. Sophos has been "moderately successful," Penn said.

The challenge for Sophos has been to really stand out. The vendor has grown in market share by being the alternative to the top-tier vendors. "That's a difficult position to grow at the pace the rest of the market is growing," Penn said. "My perception is that Sophos hasn't been as aggressive in the large enterprise space and focusing more on mid-tier businesses."

U.S. probes cyber attack on water system

(Reuters) - Federal investigators are looking into a report that hackers managed to remotely shut down a utility's water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The November 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

He said that the same group may have attacked other industrial targets or be planning strikes using credentials stolen from the same software maker.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

SCADA SECURITY

Cyber security experts said that the reported attack highlights the risk that attackers can break into what is known as Supervisory Control and Data Acquisition (SCADA) systems. They are highly specialized computer systems that control critical infrastructure -- from water treatment facilities, chemicals plants and nuclear reactors to gas pipelines, dams and switches on train lines.

The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran. Many experts say that was a major setback for Iran's nuclear weapon's program and attribute the attack to the United States and Israel.

In 2007, researchers at the U.S. government's Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator. (To see video that was leaked to CNN: http://www.youtube.com/watch?v=fJyWngDco3g)

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said the United States should take the possibility of a cyber attack seriously.

"The going in hypothesis is always that it's just an incident or coincidence. And if every incident is seen in isolation, it's hard -- if not impossible -- to discern a pattern or connect the dots," Kass told Reuters.

"Failure to connect the dots led us to be surprised on 9/11," she said, describing the September 11, 2001 hijacking attacks as a prime example in which authorities dismissed indicators of an impending disaster and were caught unaware.

Representative Jim Langevin, a Democrat from Rhode Island, said that the report of the attack highlighted the need to pass legislation to improve cyber security of the U.S. critical infrastructure.

"The stakes are too high for us to fail, and our citizens will be the ones to suffer the consequences of our inaction," he said in a statement.

ILLINOIS ATTACK

Several media reports identified the location of the attack as Springfield. City officials said that was inaccurate.

Don Craven, a lawyer and a trustee for the Curran-Gardner Township Public Water District, said late Friday that the small water utility was aware that "something happened" but that he did not have much information on the matter.

"We are aware there may have been a successful or unsuccessful attempt to hack into the system," Craven said by telephone from his Springfield, Illinois, office.

"It came through a software system that's used to remotely access the pumps," he said. "A pump is burned out."

The district serves some 2,200 customers in a rural district West of Springfield. He said there was no interruption in service as the utility operates multiple pumps and wells. Its water comes from an aquifer underneath the Sangamon River.

Craven said he did not know what software at the utility was involved but said he was confident that no customer records were compromised. He said he was mystified as to the reason hackers might have targeted the tiny district.

The general manager of the utility has not returned messages.

OTHER ATTACKS?

Quoting from the one-page report, Weiss said it was not yet clear whether other networks had been hacked as a result of the breach at the U.S. software maker.

He said the manufacturer of that software keeps login credentials to the networks of its customers so that its staff can help them support those systems.

"An information technology services and computer repair company checked the computer logs of the system and determined the computer had been hacked into from a computer located in Russia," Weiss quoting from the report in a telephone interview with Reuters.

Workers at the targeted utility in central Illinois on November 8 noticed problems with SCADA systems which manages the water supply system, and discovered that a water pump had been damaged, said Weiss, managing partner of Applied Control Solutions in Cupertino, California.

(Reporting by Jim Finkle in Boston; Additional reporting by Jim Wolf, Andrew Stern, Diane Bartz and Andrea Shalal-Esa; Editing by Bernard Orr and Jonathan Thatcher)

RSA Unveils New SIEM Technology With Situational Awareness Capabilities

Aug 03, 2011 | 03:29 PM | 1 Comments