Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Websense to Buy SurfControl

$400 million deal will merge two top end-user monitoring tools

Two of the industry's best-known end-user monitoring tool vendors -- Websense and SurfControl -- proposed a merger yesterday, putting an end to a storied rivalry and raising some questions about the future of the SurfControl line.

Websense said that its subsidiary, Websense SC Operations, has made a pre-conditional cash offer to acquire all shares of SurfControl, which makes on-demand Web and email security products. The deal is worth approximately $400 million.

The deal will let the two former rivals combine resources to compete with larger security software vendors, according to Gene Hodges, CEO of Websense. Websense, which makes software that detects spyware, phishing, and other malware, has leapfrogged SurfControl in recent years to become the market's biggest seller of Web filtering and end-user monitoring tools. It supports approximately 25 million PCs worldwide.

SurfControl, which was one of the first "parental control" tools for filtering unauthorized content from end users, now has some 16 million customers. While it has competed head-to-head with Websense for more than a decade, it has also developed some capabilities that Websense doesn't have, including an email filtering product and an on-demand filtering and security service called BlackSpider.

"Websense was the better product," says Rob Enderle, president of the Enderle Group, an IT consultancy. "SurfControl provided adequate coverage for a lot less money and was likely forcing Websense to drop prices. My sense is that, assuming they just don't do the Oracle/PeopleSoft thing and shut SurfControl down, they will position the SurfControl line as an entry level, value-based offering and Websense as their premium product."

"This looks more like a 'pooling of assets' type of acquisition than a 'we can do great things with this technology' type of acquisition," says Eric Ogren, principal analyst and founder of the Ogren Group, which specializes in consulting services for security vendors. "It perhaps signals the incorporation of email security into a broader application security portfolio, as evidenced by Cisco/IronPort and Secure Computing/CipherTrust purchases."

Hodges positioned SurfControl as a means of expanding Websense's prospects in the small- and medium-sized business market, and analysts said they expect the combined software company to continue to sell SurfControl as an entry-level product, then upsell the Websense line to companies that need more sophisticated content filtering tools.

"After the transaction closes, we are committed to supporting SurfControl's and Websense's customers and channel partners," Hodges said. "We plan to introduce a customer satisfaction and retention program and pledge to support SurfControl's layered software Web security solutions at least through 2010. We plan to enhance these products with data from the merged research databases of the two companies. We also plan to renew existing SurfControl subscriptions at competitive levels, similar to their historical prices."

The merger shortens the list of content filtering choices for users, and perhaps opens the door for competitors, analysts say. "If the SurfControl customers get the sense that their product will be crippled over time -- or worse, discontinued -- they will treat Websense like they did CA in the '90s and move to another vendor," Enderle says. "And this does seem rather likely."

Websense and SurfControl have very different corporate cultures, which could create problems, Ogren says. "It is very very difficult to integrate acquired organizations, and in this case, Websense and SurfControl are literally oceans apart," he notes, referring to Websense's U.K. headquarters. "Retaining star contributors and incenting the teams will be a challenge and a half."

The transaction, which has been approved unanimously by the boards of both companies, is expected to close approximately four months following regulatory approval by U.S. and U.K. agencies.

— Tim Wilson, Site Editor, Dark Reading

  • SurfControl plc
  • Websense Inc. (Nasdaq: WBSN)
  • CA Inc. (NYSE: CA)
  • CipherTrust Inc.
  • Secure Computing Corp. (Nasdaq: SCUR)
  • IronPort Systems
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • PeopleSoft Inc. (Nasdaq: PSFT)
  • Oracle Corp. (Nasdaq: ORCL) Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    FluBot Malware's Rapid Spread May Soon Hit US Phones
    Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
    Slideshows
    7 Modern-Day Cybersecurity Realities
    Steve Zurier, Contributing Writer,  4/30/2021
    Commentary
    How to Secure Employees' Home Wi-Fi Networks
    Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-24259
    PUBLISHED: 2021-05-05
    The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
    CVE-2021-24260
    PUBLISHED: 2021-05-05
    The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
    CVE-2021-24261
    PUBLISHED: 2021-05-05
    The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
    CVE-2021-24262
    PUBLISHED: 2021-05-05
    The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
    CVE-2021-24263
    PUBLISHED: 2021-05-05
    The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...