Analytics
1/29/2007
05:00 AM
50%
50%

Symantec Buys Altiris for $830M

Security giant plans to take on Microsoft in desktop management, end-point security

If you had any questions about whether Symantec is serious about taking on Microsoft for the right to secure and manage the desktop, you can put them to rest right now.

Symantec today made a statement about its enterprise directions by acquiring Altiris, one of the industry's best-known desktop management tool vendors, for $830 million. The deal is expected to close in the second quarter.

The deal sets up a new tier of security vendors that clearly are targeting the enterprise market. Both Cisco and Microsoft have moved into the security market over the past year -- Symantec wants to compete on that level.

"What customers have always wanted is a choice," says John Thompson, chairman and CEO of Symantec. "We're offering an alternative for managing heterogeneous environments. We'll be competitive on Windows, but we think we have an advantage in that Microsoft doesn't offer support on non-Windows systems, and we will."

"This acquisition puts Symantec in an incredibly strong position against Trend Micro and McAfee and nearly ensures its dominance in the corporate security market," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy. "In the end, this comes closest to putting Symantec on an equal footing with Cisco and Microsoft and, while you can't really bid the companies against each other, there is a reasonable chance that each will help keep the others in line."

The company once known for its stand-alone PC antivirus products is now going after the largest enterprises, experts say.

"The secret to this deal is that almost half of Altiris's revenue -- more than $100 million per year -- derives from services," says Eric Ogren, security analyst at the Enterprise Strategy Group. "Symantec needs powerful service relationships to move from desktop antivirus solutions to selling information security and information storage systems into large enterprises. IBM, EMC, and Cisco have been very successful pulling products with strong services models -- the trick for Symantec will be to move quickly in the field to carve out new business."

Up to now, Symantec and Altiris have been fighting the same war, managing and securing desktops and remote devices, on two different fronts. Symantec's products can detect potential security problems on end points, but they can't always fix them. Altiris's products, on the other hand, can do remote desktop configuration and changes, but don't detect security problems.

Symantec's Thompson laid out an enterprise scenario in which the two products would work together. "Customers put Symantec Deepsight threat management system to work immediately analyzing new vulnerabilities as they are discovered," he says. "Any exposed end-point devices would be quickly identified by the Altiris Configuration Management Database to determine the extent of a vulnerability and possible corrective measures.

"Symantec then delivers updated threat signatures against an immediate attack," Thompson continues. "In the case of an infected end point, Symantec's security products repair the damage by disinfecting and quarantining the system. Furthermore, we will now be able to complete the remediation process using Altiris's technology to deploy the necessary patch.

"Moreover, once the assets are repaired and protected, the Altiris Configuration Management Database is updated, and compliance is recalibrated using the Symantec compliance solutions," Thompson adds. "This creates a true closed-loop system for managing the end-point environment."

Thompson's scenario could work, experts say. Both companies have security information management tools, and there is a growing trend toward integration of SIM with traditional network and systems management tools anyway, according to a report by the 451 Group. (See Report: SIM Market to Heat Up.)

Financially, the deal could provide a much-needed shot in the arm for Symantec, whose earnings fell short of expectations in its fiscal second quarter, resulting in the announcement of a $200 million cost cut. Altiris's revenues, about $230 million last year, are "growing at two to three times the rate of Symantec's core business," Thompson says. There also will be opportunities for the combined company to cut costs by consolidating facilities and redundant operations, he adds.

The two major areas of overlap between the partners' product lines are in PC imaging (where Symantec's Ghost competes with Altiris's Migration Suite) and compliance, where both companies offer tools for auditing. Executives acknowledged the overlaps but did not say how they will handle the consolidation in those areas.

Analysts also noted that the two companies have different licensing models -- Altiris's software is licensed on a perpetual basis, while Symantec makes much of its money from annual subscriptions. Thompson says because Altiris will operate initially as a separate subsidiary, there won't be need to normalize those pricing models, but the combined company will look at providing a "single pricing model" for customers that have both companies' software.

In general, analysts looked on the deal with favor. "Symantec is one of two companies that does acquisitions well in the tech market," Enderle says. "Cisco is the other."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Current Issue
    Dark Reading Tech Digest, Dec. 19, 2014
    Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2010-5075
    Published: 2014-12-27
    Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

    CVE-2011-4720
    Published: 2014-12-27
    Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

    CVE-2011-4722
    Published: 2014-12-27
    Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

    CVE-2012-1203
    Published: 2014-12-27
    Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

    CVE-2012-1302
    Published: 2014-12-27
    Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

    Best of the Web
    Dark Reading Radio
    Archived Dark Reading Radio
    Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.