05:00 AM

Symantec Buys Altiris for $830M

Security giant plans to take on Microsoft in desktop management, end-point security

If you had any questions about whether Symantec is serious about taking on Microsoft for the right to secure and manage the desktop, you can put them to rest right now.

Symantec today made a statement about its enterprise directions by acquiring Altiris, one of the industry's best-known desktop management tool vendors, for $830 million. The deal is expected to close in the second quarter.

The deal sets up a new tier of security vendors that clearly are targeting the enterprise market. Both Cisco and Microsoft have moved into the security market over the past year -- Symantec wants to compete on that level.

"What customers have always wanted is a choice," says John Thompson, chairman and CEO of Symantec. "We're offering an alternative for managing heterogeneous environments. We'll be competitive on Windows, but we think we have an advantage in that Microsoft doesn't offer support on non-Windows systems, and we will."

"This acquisition puts Symantec in an incredibly strong position against Trend Micro and McAfee and nearly ensures its dominance in the corporate security market," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy. "In the end, this comes closest to putting Symantec on an equal footing with Cisco and Microsoft and, while you can't really bid the companies against each other, there is a reasonable chance that each will help keep the others in line."

The company once known for its stand-alone PC antivirus products is now going after the largest enterprises, experts say.

"The secret to this deal is that almost half of Altiris's revenue -- more than $100 million per year -- derives from services," says Eric Ogren, security analyst at the Enterprise Strategy Group. "Symantec needs powerful service relationships to move from desktop antivirus solutions to selling information security and information storage systems into large enterprises. IBM, EMC, and Cisco have been very successful pulling products with strong services models -- the trick for Symantec will be to move quickly in the field to carve out new business."

Up to now, Symantec and Altiris have been fighting the same war, managing and securing desktops and remote devices, on two different fronts. Symantec's products can detect potential security problems on end points, but they can't always fix them. Altiris's products, on the other hand, can do remote desktop configuration and changes, but don't detect security problems.

Symantec's Thompson laid out an enterprise scenario in which the two products would work together. "Customers put Symantec Deepsight threat management system to work immediately analyzing new vulnerabilities as they are discovered," he says. "Any exposed end-point devices would be quickly identified by the Altiris Configuration Management Database to determine the extent of a vulnerability and possible corrective measures.

"Symantec then delivers updated threat signatures against an immediate attack," Thompson continues. "In the case of an infected end point, Symantec's security products repair the damage by disinfecting and quarantining the system. Furthermore, we will now be able to complete the remediation process using Altiris's technology to deploy the necessary patch.

"Moreover, once the assets are repaired and protected, the Altiris Configuration Management Database is updated, and compliance is recalibrated using the Symantec compliance solutions," Thompson adds. "This creates a true closed-loop system for managing the end-point environment."

Thompson's scenario could work, experts say. Both companies have security information management tools, and there is a growing trend toward integration of SIM with traditional network and systems management tools anyway, according to a report by the 451 Group. (See Report: SIM Market to Heat Up.)

Financially, the deal could provide a much-needed shot in the arm for Symantec, whose earnings fell short of expectations in its fiscal second quarter, resulting in the announcement of a $200 million cost cut. Altiris's revenues, about $230 million last year, are "growing at two to three times the rate of Symantec's core business," Thompson says. There also will be opportunities for the combined company to cut costs by consolidating facilities and redundant operations, he adds.

The two major areas of overlap between the partners' product lines are in PC imaging (where Symantec's Ghost competes with Altiris's Migration Suite) and compliance, where both companies offer tools for auditing. Executives acknowledged the overlaps but did not say how they will handle the consolidation in those areas.

Analysts also noted that the two companies have different licensing models -- Altiris's software is licensed on a perpetual basis, while Symantec makes much of its money from annual subscriptions. Thompson says because Altiris will operate initially as a separate subsidiary, there won't be need to normalize those pricing models, but the combined company will look at providing a "single pricing model" for customers that have both companies' software.

In general, analysts looked on the deal with favor. "Symantec is one of two companies that does acquisitions well in the tech market," Enderle says. "Cisco is the other."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc. Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Five Emerging Security Threats - And What You Can Learn From Them
    At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
    Flash Poll
    Get Smart About Threat Intelligence
    Get Smart About Threat Intelligence
    Is threat intel the best way to improve defenses and stay ahead of new and complex attacks? Nearly 400 respondents to Dark Readings new Threat Intelligence Survey seem to think so.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    Published: 2015-10-15
    The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

    Published: 2015-10-15
    netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

    Published: 2015-10-15
    Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

    Published: 2015-10-15
    Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

    Published: 2015-10-15
    Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

    Dark Reading Radio
    Archived Dark Reading Radio
    According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.