Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Websense to Buy SurfControl

$400 million deal will merge two top end-user monitoring tools

Two of the industry's best-known end-user monitoring tool vendors -- Websense and SurfControl -- proposed a merger yesterday, putting an end to a storied rivalry and raising some questions about the future of the SurfControl line.

Websense said that its subsidiary, Websense SC Operations, has made a pre-conditional cash offer to acquire all shares of SurfControl, which makes on-demand Web and email security products. The deal is worth approximately $400 million.

The deal will let the two former rivals combine resources to compete with larger security software vendors, according to Gene Hodges, CEO of Websense. Websense, which makes software that detects spyware, phishing, and other malware, has leapfrogged SurfControl in recent years to become the market's biggest seller of Web filtering and end-user monitoring tools. It supports approximately 25 million PCs worldwide.

SurfControl, which was one of the first "parental control" tools for filtering unauthorized content from end users, now has some 16 million customers. While it has competed head-to-head with Websense for more than a decade, it has also developed some capabilities that Websense doesn't have, including an email filtering product and an on-demand filtering and security service called BlackSpider.

"Websense was the better product," says Rob Enderle, president of the Enderle Group, an IT consultancy. "SurfControl provided adequate coverage for a lot less money and was likely forcing Websense to drop prices. My sense is that, assuming they just don't do the Oracle/PeopleSoft thing and shut SurfControl down, they will position the SurfControl line as an entry level, value-based offering and Websense as their premium product."

"This looks more like a 'pooling of assets' type of acquisition than a 'we can do great things with this technology' type of acquisition," says Eric Ogren, principal analyst and founder of the Ogren Group, which specializes in consulting services for security vendors. "It perhaps signals the incorporation of email security into a broader application security portfolio, as evidenced by Cisco/IronPort and Secure Computing/CipherTrust purchases."

Hodges positioned SurfControl as a means of expanding Websense's prospects in the small- and medium-sized business market, and analysts said they expect the combined software company to continue to sell SurfControl as an entry-level product, then upsell the Websense line to companies that need more sophisticated content filtering tools.

"After the transaction closes, we are committed to supporting SurfControl's and Websense's customers and channel partners," Hodges said. "We plan to introduce a customer satisfaction and retention program and pledge to support SurfControl's layered software Web security solutions at least through 2010. We plan to enhance these products with data from the merged research databases of the two companies. We also plan to renew existing SurfControl subscriptions at competitive levels, similar to their historical prices."

The merger shortens the list of content filtering choices for users, and perhaps opens the door for competitors, analysts say. "If the SurfControl customers get the sense that their product will be crippled over time -- or worse, discontinued -- they will treat Websense like they did CA in the '90s and move to another vendor," Enderle says. "And this does seem rather likely."

Websense and SurfControl have very different corporate cultures, which could create problems, Ogren says. "It is very very difficult to integrate acquired organizations, and in this case, Websense and SurfControl are literally oceans apart," he notes, referring to Websense's U.K. headquarters. "Retaining star contributors and incenting the teams will be a challenge and a half."

The transaction, which has been approved unanimously by the boards of both companies, is expected to close approximately four months following regulatory approval by U.S. and U.K. agencies.

— Tim Wilson, Site Editor, Dark Reading

  • SurfControl plc
  • Websense Inc. (Nasdaq: WBSN)
  • CA Inc. (NYSE: CA)
  • CipherTrust Inc.
  • Secure Computing Corp. (Nasdaq: SCUR)
  • IronPort Systems
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • PeopleSoft Inc. (Nasdaq: PSFT)
  • Oracle Corp. (Nasdaq: ORCL) Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Edge-DRsplash-10-edge-articles
    7 Old IT Things Every New InfoSec Pro Should Know
    Joan Goodchild, Staff Editor,  4/20/2021
    News
    Cloud-Native Businesses Struggle With Security
    Robert Lemos, Contributing Writer,  5/6/2021
    Commentary
    Defending Against Web Scraping Attacks
    Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: Take me to your BISO 
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-23369
    PUBLISHED: 2021-05-10
    In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
    CVE-2020-23370
    PUBLISHED: 2021-05-10
    In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
    CVE-2020-23371
    PUBLISHED: 2021-05-10
    Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
    CVE-2020-23373
    PUBLISHED: 2021-05-10
    Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
    CVE-2020-23374
    PUBLISHED: 2021-05-10
    Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.