Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Verizon Grabs Cybertrust

Merger sets stage for clash of telecom titans

Any lingering questions about large service providers' intentions in the security market got put to rest today with Verizon's acquisition of Cybertrust, one of the best known independent security service providers.

Financial terms of the deal for privately-held Cybertrust weren't disclosed.

Verizon, the former regional Bell which also operates the former MCI, already had a 300-person security services operation, but was looking to expand its reach and range of services, according to Nancy Gofus, senior vice president and chief marketing officer for Verizon Business.

"We didn't have the global reach some of our customers were asking for, particularly in Asia and Europe," said Gofus in a press briefing this morning. "We also didn't have some of Cybertrust's capabilities, such as forensics and identity management."

The acquisition follows BT's acquisition of managed security service provider Counterpane last year, as well as IBM's acquisition of Internet Security Systems, which was immediately placed into the IBM Global Services unit. (See BT Buys Counterpane and IBM Up-Ends Security Services Market.)

"This shows that consolidation in the broad security market will continue for those services that are already highly commoditized," said Gary McGraw, CTO of Cigital. "The idea now is to 'turn the crank' to build the business into something global." But he also warned that "some dilution in the effectiveness of the services" is part of this market dynamic.

Jim Ivers, senior vice president of corporate marketing at Cybertrust, said the newly-combined company will seek offer customized security services. "If a service provider thinks they can take a cookie-cutter approach to this market, they are going to have some issues," he said. "A service provider can't just go out and buy any security company and do what Verizon Business can do."

The Verizon and Cybertrust executives said the combined company will target large enterprises and government agencies, adding security capabilities such as computer forensics and identity management to Verizon's current range of firewall, antivirus, and anti-spam services. "We can do more than Counterpane, which was strictly limited to managed security services," Ivers said.

But Bruce Schneier, CTO at BT Counterpane, pointed out that BT already has identity management. "They do it for the UK government, for heavens sake, and forensics as well. They already have a far greater global reach than Verizon can even dream of," Schneier wrote in an email today.

"The key to judge the two companies is not to look at Counterpane and Cybertrust as stand-alone companies, but to look at the combined strength of BT plus Counterpane vs Verizon plus Cybertrust," he added.

Some analysts speculated that the acquisition might lead to other services from Verizon as well.

"Every small and medium business requires secure communications services," notes Eric Ogren, principal analyst and founder of the Ogren Group. "Verizon can use this acquisition to enhance the security of its own infrastructure, but the real prize will be in bundling security services for SMBs that do not have in-house security expertise. Picture an SMB package for IP data and voice communications with annual PCI audits.".

"The next big race is to use cellphones as a replacement for credit cards, and Cybertrust suddenly looks very strategic with regard to where the market is going," says Rob Enderle, president of the Enderle Group. "If the merger is successful -- and remember, some are not -- the end result could be that Verizon is favored for cellphone based transactions, and Verizon customers will be the first to benefit broadly from them."

— Tim Wilson, Site Editor, Dark Reading

  • BT Counterpane
  • Cybertrust
  • IBM Internet Security Systems
  • Verizon Business
  • IBM Corp. (NYSE: IBM)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 6/4/2020
    Data Loss Spikes Under COVID-19 Lockdowns
    Seth Rosenblatt, Contributing Writer,  5/28/2020
    Abandoned Apps May Pose Security Risk to Mobile Devices
    Robert Lemos, Contributing Writer,  5/29/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-13777
    PUBLISHED: 2020-06-04
    GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TL...
    CVE-2020-10548
    PUBLISHED: 2020-06-04
    rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
    CVE-2020-10549
    PUBLISHED: 2020-06-04
    rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
    CVE-2020-10546
    PUBLISHED: 2020-06-04
    rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
    CVE-2020-10547
    PUBLISHED: 2020-06-04
    rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.