Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Websense to Buy SurfControl

$400 million deal will merge two top end-user monitoring tools

Two of the industry's best-known end-user monitoring tool vendors -- Websense and SurfControl -- proposed a merger yesterday, putting an end to a storied rivalry and raising some questions about the future of the SurfControl line.

Websense said that its subsidiary, Websense SC Operations, has made a pre-conditional cash offer to acquire all shares of SurfControl, which makes on-demand Web and email security products. The deal is worth approximately $400 million.

The deal will let the two former rivals combine resources to compete with larger security software vendors, according to Gene Hodges, CEO of Websense. Websense, which makes software that detects spyware, phishing, and other malware, has leapfrogged SurfControl in recent years to become the market's biggest seller of Web filtering and end-user monitoring tools. It supports approximately 25 million PCs worldwide.

SurfControl, which was one of the first "parental control" tools for filtering unauthorized content from end users, now has some 16 million customers. While it has competed head-to-head with Websense for more than a decade, it has also developed some capabilities that Websense doesn't have, including an email filtering product and an on-demand filtering and security service called BlackSpider.

"Websense was the better product," says Rob Enderle, president of the Enderle Group, an IT consultancy. "SurfControl provided adequate coverage for a lot less money and was likely forcing Websense to drop prices. My sense is that, assuming they just don't do the Oracle/PeopleSoft thing and shut SurfControl down, they will position the SurfControl line as an entry level, value-based offering and Websense as their premium product."

"This looks more like a 'pooling of assets' type of acquisition than a 'we can do great things with this technology' type of acquisition," says Eric Ogren, principal analyst and founder of the Ogren Group, which specializes in consulting services for security vendors. "It perhaps signals the incorporation of email security into a broader application security portfolio, as evidenced by Cisco/IronPort and Secure Computing/CipherTrust purchases."

Hodges positioned SurfControl as a means of expanding Websense's prospects in the small- and medium-sized business market, and analysts said they expect the combined software company to continue to sell SurfControl as an entry-level product, then upsell the Websense line to companies that need more sophisticated content filtering tools.

"After the transaction closes, we are committed to supporting SurfControl's and Websense's customers and channel partners," Hodges said. "We plan to introduce a customer satisfaction and retention program and pledge to support SurfControl's layered software Web security solutions at least through 2010. We plan to enhance these products with data from the merged research databases of the two companies. We also plan to renew existing SurfControl subscriptions at competitive levels, similar to their historical prices."

The merger shortens the list of content filtering choices for users, and perhaps opens the door for competitors, analysts say. "If the SurfControl customers get the sense that their product will be crippled over time -- or worse, discontinued -- they will treat Websense like they did CA in the '90s and move to another vendor," Enderle says. "And this does seem rather likely."

Websense and SurfControl have very different corporate cultures, which could create problems, Ogren says. "It is very very difficult to integrate acquired organizations, and in this case, Websense and SurfControl are literally oceans apart," he notes, referring to Websense's U.K. headquarters. "Retaining star contributors and incenting the teams will be a challenge and a half."

The transaction, which has been approved unanimously by the boards of both companies, is expected to close approximately four months following regulatory approval by U.S. and U.K. agencies.

— Tim Wilson, Site Editor, Dark Reading

  • SurfControl plc
  • Websense Inc. (Nasdaq: WBSN)
  • CA Inc. (NYSE: CA)
  • CipherTrust Inc.
  • Secure Computing Corp. (Nasdaq: SCUR)
  • IronPort Systems
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • PeopleSoft Inc. (Nasdaq: PSFT)
  • Oracle Corp. (Nasdaq: ORCL) Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Navigating Security in the Cloud
    Diya Jolly, Chief Product Officer, Okta,  12/4/2019
    SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
    Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: Our Endpoint Protection system is a little outdated... 
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2013-1689
    PUBLISHED: 2019-12-10
    Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
    CVE-2016-10001
    PUBLISHED: 2019-12-10
    inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitra...
    CVE-2019-6183
    PUBLISHED: 2019-12-10
    A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
    CVE-2019-6192
    PUBLISHED: 2019-12-10
    A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
    CVE-2019-4095
    PUBLISHED: 2019-12-10
    IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.