http://www.computerworld.com/securitytopics/security/story/0,10801,95293,00.html By Paul Roberts AUGUST 16, 2004 IDG NEWS SERVICE Antivirus software company McAfee Inc. said today that it's buying Foundstone Inc., which makes software for detecting and managing software vulnerabilities, for $86 million in cash. The acquisition will add Foundstone's line of vulnerability management software to McAfee's growing list of security products. McAfee plans to combine Foundstone's technology for spotting and remediating software vulnerabilities with its intrusion-detection and security policy management products, allowing companies to identify and shield high-priority computer assets from attack. As part of the deal, Foundstone's professional services group will become part of McAfee's services team, McAfee said. McAfee's purchase of Mission Viejo, Calif.-based Foundstone follows moves in the past year to focus its product offerings and bolster its standing in the intrusion detection and prevention market. In April 2003, McAfee, formerly Network Associates Inc., paid $220 million to purchase IntruVert Networks Inc. and Entercept Security Technologies Inc. The acquisitions gave Santa Clara, Calif.-based McAfee a jump-start in detecting both network-based attacks -- IntruVert's specialty -- and attacks targeted at network servers, or "hosts." McAfee in recent months has also shed products and business units. In December 2003, the company announced the sale of its Magic help desk and management software division to BMC Software Inc., an enterprise management products maker, for $47 million. In April, the company sold its Sniffer family of network management products for $275 million to an investment group including Silver Lake Partners and Texas Pacific Group that relaunched the product under the auspices of a reconstituted Network General Corp. McAfee will initially focus on getting Foundstone's technology to recognize and interact with the IntruVert and Entercept technologies, as well as McAfee's VirusScan 8, said Vince Rossi, senior vice president of product management at McAfee. The goal is to help customers assess their exposure to Internet- and network-borne threats using a constantly updated threat profile provided by McAfee's other products. With detailed information on which of their computer assets are the most exposed, IT departments can focus on dealing with the biggest threats to their most critical assets, saving time and effort, he said. "Entercept and [IntruVert's] IntruShield are primarily focused on delivering proactive risk mitigation, but there's little guidance to customers on how to best use those technologies given their business environment," Rossi said. "Foundstone provides us with a front end that allows customers, in an automated way, to discover their environment and prioritize their resources based on business risk and on threats." The purchase of privately held Foundstone, which began in 1999 as a security consulting services company and more recently began marketing and selling security software and hardware, will complement McAfee's investment network and host intrusion-prevention technologies, said John Pescatore, an analyst at Gartner Inc. "Now that you have host and network intrusion detection, companies need to know where they're vulnerable, so vulnerability management becomes important," he said. The move also gives McAfee access to Foundstone's marquis vulnerability management customers, many of which are large companies, and boosts McAfee's otherwise unremarkable professional services group, Pescatore said. Foundstone's head of professional services will lead McAfee's professional services group after the acquisition. The company's security consultants will also be allowed to continue working in a "boutique" fashion within McAfee's professional services group, Rossi said. McAfee has promised Foundstone that the company's security experts won't be pressured to recommend only McAfee technology, said Rossi and George Kurtz, CEO of Foundstone. McAfee said that it expects its acquisition of Foundstone to be complete in the next 60 days and that it will update its financial guidance for the fourth quarter of 2004 and for fiscal 2005 to account for the purchase. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Aug 17 2004 - 04:10:50 PDT