Security experts weren't surprised whenPatchLink announced it would acquire endpoint security
vendor SecureWavein an all-stock
merger. The move makes perfect sense for PatchLink, since IT shops
are increasingly hungry for tools to help them better secure an
increasing array of endpoint devices.
"We've known for some time that if you manage the endpoint
devices properly you reduce risk, but it's becoming increasingly
difficult to identify where the
vulnerabilities are on those devices," said Eric Maiwald,
senior analyst at Burton Group. IT professionals are increasingly
worried about what people are plugging into their laptops and what
kind of data is being tossed around in the process. "You can get a
lot of information onto a USB stick, and they're small and easy to
lose."
With SecureWave's technology, PatchLink will be better equipped
to help customers address the problem, he said.
But with
larger IT infrastructure providers like
Microsoft and IBM working more security into their
offerings, analysts say it's far from certain that PatchLink
will enjoy an explosion of growth from this acquisition.
PatchLink said it will merge SecureWave's technology with its
own to create a platform to secure enterprise servers and
endpoints. SecureWave, based in Luxembourg, has more than 1,700
customers worldwide. Its Sanctuary software and appliances contain
policy enforcement tools to manage and monitor device and
application use to protect against data leakage and malware
threats. PatchLink plans to combine the endpoint security software
with its vulnerability management technology for enterprise-wide
policy management and automated patching.
 |
| PatchLink, endpoint security: |
PatchLink and SecureWave to form merged security firm
Security firm PatchLink plans to acquire SecureWave to strengthen
its patch management platform with endpoint security and policy
management features
PatchLink acquires STAT Guardian tool: PatchLink Corp. says it
will add more muscle to its vulnerability management portfolio by
acquiring the STAT Guardian tool from IT vendor Harris Corp.
Endpoint security: In this lesson, guest
instructor Ben Rothke, Director of Security Technology
Implementation for a large financial services company and
provides tactics for endpoint security, policies for controlling
endpoints.
Keeping pace with emerging endpoint security
technologies: Vendors have responded to the
de-perimeterization of corporate networks with products designed
to perform "health checks" of connecting devices, permitting
access based on the security status of the endpoint.
|
|
| |
|
In February, PatchLink acquired
the STAT Guardian vulnerability management
suite from Harris Corp., a Melbourne, Fla.-based IT
communications vendor that caters to government and commercial
markets. PatchLink said the acquisition of the STAT Guardian
suite helped it sharpen its focus on risk management and
policy-based compliance. The tool also helped PatchLink build a
unified end point security platform with a single, policy-based
architecture and consolidated compliance reporting, the company
said.
In an interview Monday morning, Matt Mosher, PatchLink's senior
vice president of sales for the Americas, acknowledged the company
wants to fill the kind of need Maiwald described. He said customers
are clamoring for more integration in their security tools, and in
this case PatchLink is filling the need by working SecureWave's
endpoint security capabilities into PatchLink's vulnerability
management technology.
"When it comes to endpoint security, people don't want to invest
in multiple agents," he said. "They are looking for more
consolidation, and SecureWave gives us more policy and enforcement
options. Now we can apply security policy around external devices.
SecureWave's device control is a great tool for things like laptop
security."
Natalie Lambert, an analyst with Cambridge, Mass.-based
Forrester Research Inc., agreed the acquisition makes a lot of
sense. Indeed, she said she has been expecting that SecureWave
would sell to either PatchLink or Novell.
"This acquisition brings security functionality into PatchLink's
arsenal," she said in an email exchange. "As a dedicated patch
vendor, PatchLink was a great vendor for partnerships/OEM
agreements, but lacked a foothold in security, specifically the
client security market. Now, they have the capabilities to move
beyond patch management and into the broader security market by
addressing the unwanted programs and devices, as well as the
malicious code and information leak prevention markets."
But PatchLink's future position becomes less certain when one
considers the ongoing consolidation in the client security and
client management markets, she said. At some point, she wouldn't be
surprised if PatchLink is acquired by someone else.
"Both of these functions -- patch management and
application-device control -- will be folded into larger management
products [going forward]," she said. "I expect this market to be
dominated by the Microsofts, McAfees and Symantecs of the world
because they can offer management and security in a single product.
As a best-of-breed player, I would expect PatchLink to get picked
up by a management or security vendor without this functionality.
HP and Novell come to mind."
Another uncertainty is how SecureWave's current customer base
will take to PatchLink. In other recent acquisitions, some
customers reported that services either improved or stayed the same
as their tools passed from the control of one vendor to the next.
In other cases, however,
customers complained about a decline in
quality, as was the case when Symantec Corp. acquired
Veritas.
Mosher is confident SecureWave customers will be pleased with
the results of this merger. Maiwald said things could go either
way.
"Patchlink is a bigger company with more resources," he said.
"Will that mean better services and support for SecureWave
customers? We'll have to wait and see."