Analytics
1/29/2007
05:00 AM
50%
50%

Symantec Buys Altiris for $830M

Security giant plans to take on Microsoft in desktop management, end-point security

If you had any questions about whether Symantec is serious about taking on Microsoft for the right to secure and manage the desktop, you can put them to rest right now.

Symantec today made a statement about its enterprise directions by acquiring Altiris, one of the industry's best-known desktop management tool vendors, for $830 million. The deal is expected to close in the second quarter.

The deal sets up a new tier of security vendors that clearly are targeting the enterprise market. Both Cisco and Microsoft have moved into the security market over the past year -- Symantec wants to compete on that level.

"What customers have always wanted is a choice," says John Thompson, chairman and CEO of Symantec. "We're offering an alternative for managing heterogeneous environments. We'll be competitive on Windows, but we think we have an advantage in that Microsoft doesn't offer support on non-Windows systems, and we will."

"This acquisition puts Symantec in an incredibly strong position against Trend Micro and McAfee and nearly ensures its dominance in the corporate security market," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy. "In the end, this comes closest to putting Symantec on an equal footing with Cisco and Microsoft and, while you can't really bid the companies against each other, there is a reasonable chance that each will help keep the others in line."

The company once known for its stand-alone PC antivirus products is now going after the largest enterprises, experts say.

"The secret to this deal is that almost half of Altiris's revenue -- more than $100 million per year -- derives from services," says Eric Ogren, security analyst at the Enterprise Strategy Group. "Symantec needs powerful service relationships to move from desktop antivirus solutions to selling information security and information storage systems into large enterprises. IBM, EMC, and Cisco have been very successful pulling products with strong services models -- the trick for Symantec will be to move quickly in the field to carve out new business."

Up to now, Symantec and Altiris have been fighting the same war, managing and securing desktops and remote devices, on two different fronts. Symantec's products can detect potential security problems on end points, but they can't always fix them. Altiris's products, on the other hand, can do remote desktop configuration and changes, but don't detect security problems.

Symantec's Thompson laid out an enterprise scenario in which the two products would work together. "Customers put Symantec Deepsight threat management system to work immediately analyzing new vulnerabilities as they are discovered," he says. "Any exposed end-point devices would be quickly identified by the Altiris Configuration Management Database to determine the extent of a vulnerability and possible corrective measures.

"Symantec then delivers updated threat signatures against an immediate attack," Thompson continues. "In the case of an infected end point, Symantec's security products repair the damage by disinfecting and quarantining the system. Furthermore, we will now be able to complete the remediation process using Altiris's technology to deploy the necessary patch.

"Moreover, once the assets are repaired and protected, the Altiris Configuration Management Database is updated, and compliance is recalibrated using the Symantec compliance solutions," Thompson adds. "This creates a true closed-loop system for managing the end-point environment."

Thompson's scenario could work, experts say. Both companies have security information management tools, and there is a growing trend toward integration of SIM with traditional network and systems management tools anyway, according to a report by the 451 Group. (See Report: SIM Market to Heat Up.)

Financially, the deal could provide a much-needed shot in the arm for Symantec, whose earnings fell short of expectations in its fiscal second quarter, resulting in the announcement of a $200 million cost cut. Altiris's revenues, about $230 million last year, are "growing at two to three times the rate of Symantec's core business," Thompson says. There also will be opportunities for the combined company to cut costs by consolidating facilities and redundant operations, he adds.

The two major areas of overlap between the partners' product lines are in PC imaging (where Symantec's Ghost competes with Altiris's Migration Suite) and compliance, where both companies offer tools for auditing. Executives acknowledged the overlaps but did not say how they will handle the consolidation in those areas.

Analysts also noted that the two companies have different licensing models -- Altiris's software is licensed on a perpetual basis, while Symantec makes much of its money from annual subscriptions. Thompson says because Altiris will operate initially as a separate subsidiary, there won't be need to normalize those pricing models, but the combined company will look at providing a "single pricing model" for customers that have both companies' software.

In general, analysts looked on the deal with favor. "Symantec is one of two companies that does acquisitions well in the tech market," Enderle says. "Cisco is the other."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Current Issue
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2015-0714
    Published: 2015-05-02
    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

    CVE-2014-3598
    Published: 2015-05-01
    The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

    CVE-2014-8361
    Published: 2015-05-01
    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

    CVE-2015-0237
    Published: 2015-05-01
    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

    CVE-2015-0257
    Published: 2015-05-01
    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

    Dark Reading Radio
    Archived Dark Reading Radio
    Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.