Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

12/21/2017
04:50 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Businesses Go on Pre-Holiday Cloud Acquisition Spree

VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.

Tech companies closed 2017 with cloud-focused acquisitions that demonstrate an industry-wide trend that refuses to slow down. VMware, McAfee, and Trend Micro all have announced plans to buy cloud businesses within the past month.

Earlier this month, VMware finalized its purchase of VeloCloud Networks. It plans to add VeloCloud's software-defined wide area network (SD-WAN) tool to its lineup so it can help users run, manage, connect, and secure applications in the cloud, Jeff Jennings, senior vice president and general manager of VMware's networking and security business, wrote in a blog post.

The SD-WAN tool will boost performance and availability for enterprise and cloud applications with "full visibility, metrics, control and automation of all endpoints," he added.

McAfee Buys Skyhigh
Less than eight months after its spinoff from Intel, McAfee purchased cloud access security broker (CASB) provider Skyhigh Networks. In a post on the news, McAfee CEO Christopher Young called it "an ideal complement" to McAfee's strategy going forward.

"Cloud security has historically been an afterthought of, or impediment to, cloud adoption," he pointed out. Indeed, this year has proven time and again the dangers of rushing to cloud without putting the right safeguards in place, as demonstrated by a series of AWS data leaks affecting major organizations including TigerSwan, Dow Jones, and, most recently, Alteryx.

Skyhigh will "accelerate" McAfee's strategy, says Raja Patel, vice president and general manager of corporate products at McAfee. He calls endpoint and cloud "architectural control points" that address threats targeting data, applications, and infrastructure.

Security operations teams need automation and orchestration to address a higher number of threats with fewer resources, Patel continues. The CASB space is maturing: by 2020, 85% of large businesses will use a CASB product, he says, citing data from Gartner.

This acquisition is "fortifying the cloud control point," he explains. The ultimate goal for McAfee is to strengthen endpoint and cloud security, and it believes Skyhigh will drive this forward. "More and more of us are transient in and out of environments with our devices, and more and more of the services we access are outside the enterprise in the cloud," Patel says.

The Skyhigh brand name will remain in the market following the transaction. McAfee will "consider opportunities" to endorse it, Patel says, given its strong reputation for cloud security.

Trend Micro Acquires Immunio
Around the same time McAfee bought Skyhigh, Trend Micro snapped up Immunio. The goal is to expand its hybrid cloud security tool with a combination of purchased capabilities and in-house development, the company explained. Trend Micro will acquire Immunio's application security technology and talent.

"As organizations move to the cloud and adopt a more modern approach to applications delivery — generally falling under the 'DevOps' term — traditional approaches to security, such as bolting it on at the end of development or trying to form a strong perimeter, just don't work," says Mark Nunnikhoven, vice president of cloud research for Trend Micro.

Immunio integrates with application code to analyze its behavior and protect against threats in a way other approaches don't, he adds. Trend Micro's goal is to build a platform that can integrate with DevOps culture. It's focusing on automation for customer applications, building its Deep Security platform, and ramping up internal R&D to focus on container image scanning.

The acquisition will bring Immunio's early detection, protection against app vulnerabilities, and container image scanning into these projects.

"You can protect all stages of application delivery, from the time the code is written all the way through to production," says Nunnikhoven. "To do that, you have to apply the right security technique at the right time in the application lifecycle."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...