Symantec buying binge plugs gaps

Symantec Corp.'s mid-summer buying spree could give federal users one source for a range of threat management products and services to quell cyberattacks.

The developer of security software will shell out $375 million to add crucial missing pieces to its portfolio, specifically network intrusion detection, managed security services and security event management.

Symantec, known for its enterprise and consumer virus protection software, Norton Antivirus, has attempted to transform itself into a one-stop shop for enterprise security wares through mergers and acquisitions. The $1.2 billion company offers various client and server security, content management, firewall and virtual private network technology.

Experts say the company has been hurting the most in the network intrusion-detection area. Its product, NetProwler, has not competed well against products from Cisco Systems Inc., Enterasys Networks Inc. and Internet Security Systems Inc., which can detect intrusions in high-speed networks, security experts say.

Network managers, rather than security managers, typically buy intrusion-detection systems, and they care about speed and power, said Peter Lindstrom, director of security strategies at Hurwitz Group, an information technology consulting firm. Other vendors "have been able to play the speed and performance card," Lindstrom said.

"The existing Symantec [network intrusion-detection system] product doesn't scale very well," said Tim Bashara, director of secure information systems for Raytheon Co., which uses Symantec products to secure the Navy Marine Corps Intranet as well as other federal agencies' systems.

The $135 million acquisition of Redwood City, Calif.-based Recourse Technologies Inc. will provide a much needed remedy. Its ManHunt technology uses anomaly-based detection and advance protocol monitoring to ferret out potential intrusions even in high-speed gigabit networks. Anomaly-based detection systems search for abnormal patterns in network traffic vs. systems that seek predefined rules or "attack signatures" to detect hostile traffic.

"Recourse Technologies' [ManHunt] is a product we would use immediately," Bashara said. ManHunt could be used in conjunction with Symantec's server-based detection product, Intruder Alert, experts say.

Symantec will also acquire Recourse's ManTrap, a decoy system also known as a honeypot that prevents intrusions to real systems.

With Alexandria, Va.-based Riptech Inc., bought for $145 million, Symantec will boost its capability to provide managed security services to medium-size companies and agencies, said Gail Hamilton, Symantec's executive vice president.

Symantec will acquire Riptech's Caltarian technology platform, which provides organizations with around-the-clock network monitoring, analysis and response.

The $75 million purchase of San Mateo, Calif.-based SecurityFocus will enable Symantec to go beyond offering virus warnings to providing more complete early warning systems to users.

SecurityFocus has 14,000 sensors across the Internet collecting data about security incidents and vulnerabilities and operates the Bugtraq vulnerability database.

But the hidden asset of the acquisitions is the $20 million purchase of CyberWolf Technologies Inc., Lindstrom said.

Funded by Defense Advanced Research Projects Agency grants, the Falls Church, Va.-based company developed a correlation engine that automatically monitors, filters and correlates the analysis of security event data generated by an array of security devices and sensors.

Lindstrom sees lots of synergy in the various product lines.

For instance, the Riptech system could be migrated into the Symantec management console, using CyberWolf's scalability to eliminate redundancy in supporting the Caltarian system.

Additionally, SecurityFocus could enhance Riptech by providing advanced warning of attacks. What's more, Recourse's honeypot technology could be strategically placed across the Internet to provide SecurityFocus with more detailed threat analysis, Lindstrom said.

This is all good news to Raytheon's Bashara. "As a government systems integrator, we spend a lot of time integrating products." Symantec's latest acquisitions could make that job easier, he said.

***

Buying spree

New acquisitions will beef up Symantec Corp.'s portfolio in several key areas:

CyberWolf Technologies Inc., originally named Mountain Wave Inc. — Security management.

Recourse Technologies Inc. — Network intrusion detection.

Riptech Inc. — Managed security services.

SecurityFocus — Threat management.