Analytics
1/29/2007
05:00 AM
50%
50%

Symantec Buys Altiris for $830M

Security giant plans to take on Microsoft in desktop management, end-point security

If you had any questions about whether Symantec is serious about taking on Microsoft for the right to secure and manage the desktop, you can put them to rest right now.

Symantec today made a statement about its enterprise directions by acquiring Altiris, one of the industry's best-known desktop management tool vendors, for $830 million. The deal is expected to close in the second quarter.

The deal sets up a new tier of security vendors that clearly are targeting the enterprise market. Both Cisco and Microsoft have moved into the security market over the past year -- Symantec wants to compete on that level.

"What customers have always wanted is a choice," says John Thompson, chairman and CEO of Symantec. "We're offering an alternative for managing heterogeneous environments. We'll be competitive on Windows, but we think we have an advantage in that Microsoft doesn't offer support on non-Windows systems, and we will."

"This acquisition puts Symantec in an incredibly strong position against Trend Micro and McAfee and nearly ensures its dominance in the corporate security market," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy. "In the end, this comes closest to putting Symantec on an equal footing with Cisco and Microsoft and, while you can't really bid the companies against each other, there is a reasonable chance that each will help keep the others in line."

The company once known for its stand-alone PC antivirus products is now going after the largest enterprises, experts say.

"The secret to this deal is that almost half of Altiris's revenue -- more than $100 million per year -- derives from services," says Eric Ogren, security analyst at the Enterprise Strategy Group. "Symantec needs powerful service relationships to move from desktop antivirus solutions to selling information security and information storage systems into large enterprises. IBM, EMC, and Cisco have been very successful pulling products with strong services models -- the trick for Symantec will be to move quickly in the field to carve out new business."

Up to now, Symantec and Altiris have been fighting the same war, managing and securing desktops and remote devices, on two different fronts. Symantec's products can detect potential security problems on end points, but they can't always fix them. Altiris's products, on the other hand, can do remote desktop configuration and changes, but don't detect security problems.

Symantec's Thompson laid out an enterprise scenario in which the two products would work together. "Customers put Symantec Deepsight threat management system to work immediately analyzing new vulnerabilities as they are discovered," he says. "Any exposed end-point devices would be quickly identified by the Altiris Configuration Management Database to determine the extent of a vulnerability and possible corrective measures.

"Symantec then delivers updated threat signatures against an immediate attack," Thompson continues. "In the case of an infected end point, Symantec's security products repair the damage by disinfecting and quarantining the system. Furthermore, we will now be able to complete the remediation process using Altiris's technology to deploy the necessary patch.

"Moreover, once the assets are repaired and protected, the Altiris Configuration Management Database is updated, and compliance is recalibrated using the Symantec compliance solutions," Thompson adds. "This creates a true closed-loop system for managing the end-point environment."

Thompson's scenario could work, experts say. Both companies have security information management tools, and there is a growing trend toward integration of SIM with traditional network and systems management tools anyway, according to a report by the 451 Group. (See Report: SIM Market to Heat Up.)

Financially, the deal could provide a much-needed shot in the arm for Symantec, whose earnings fell short of expectations in its fiscal second quarter, resulting in the announcement of a $200 million cost cut. Altiris's revenues, about $230 million last year, are "growing at two to three times the rate of Symantec's core business," Thompson says. There also will be opportunities for the combined company to cut costs by consolidating facilities and redundant operations, he adds.

The two major areas of overlap between the partners' product lines are in PC imaging (where Symantec's Ghost competes with Altiris's Migration Suite) and compliance, where both companies offer tools for auditing. Executives acknowledged the overlaps but did not say how they will handle the consolidation in those areas.

Analysts also noted that the two companies have different licensing models -- Altiris's software is licensed on a perpetual basis, while Symantec makes much of its money from annual subscriptions. Thompson says because Altiris will operate initially as a separate subsidiary, there won't be need to normalize those pricing models, but the combined company will look at providing a "single pricing model" for customers that have both companies' software.

In general, analysts looked on the deal with favor. "Symantec is one of two companies that does acquisitions well in the tech market," Enderle says. "Cisco is the other."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Printers: The Weak Link in Enterprise Security
    Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
    20 Questions to Ask Yourself before Giving a Security Conference Talk
    Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
    Why Security Leaders Can't Afford to Be Just 'Left-Brained'
    Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Security Vulnerabilities: The Next Wave
    Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
    Flash Poll
    [Strategic Security Report] Assessing Cybersecurity Risk
    [Strategic Security Report] Assessing Cybersecurity Risk
    As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2017-0290
    Published: 2017-05-09
    NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

    CVE-2016-10369
    Published: 2017-05-08
    unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

    CVE-2016-8202
    Published: 2017-05-08
    A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

    CVE-2016-8209
    Published: 2017-05-08
    Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

    CVE-2017-0890
    Published: 2017-05-08
    Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.