Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

12/21/2017
04:50 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Businesses Go on Pre-Holiday Cloud Acquisition Spree

VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.

Tech companies closed 2017 with cloud-focused acquisitions that demonstrate an industry-wide trend that refuses to slow down. VMware, McAfee, and Trend Micro all have announced plans to buy cloud businesses within the past month.

Earlier this month, VMware finalized its purchase of VeloCloud Networks. It plans to add VeloCloud's software-defined wide area network (SD-WAN) tool to its lineup so it can help users run, manage, connect, and secure applications in the cloud, Jeff Jennings, senior vice president and general manager of VMware's networking and security business, wrote in a blog post.

The SD-WAN tool will boost performance and availability for enterprise and cloud applications with "full visibility, metrics, control and automation of all endpoints," he added.

McAfee Buys Skyhigh
Less than eight months after its spinoff from Intel, McAfee purchased cloud access security broker (CASB) provider Skyhigh Networks. In a post on the news, McAfee CEO Christopher Young called it "an ideal complement" to McAfee's strategy going forward.

"Cloud security has historically been an afterthought of, or impediment to, cloud adoption," he pointed out. Indeed, this year has proven time and again the dangers of rushing to cloud without putting the right safeguards in place, as demonstrated by a series of AWS data leaks affecting major organizations including TigerSwan, Dow Jones, and, most recently, Alteryx.

Skyhigh will "accelerate" McAfee's strategy, says Raja Patel, vice president and general manager of corporate products at McAfee. He calls endpoint and cloud "architectural control points" that address threats targeting data, applications, and infrastructure.

Security operations teams need automation and orchestration to address a higher number of threats with fewer resources, Patel continues. The CASB space is maturing: by 2020, 85% of large businesses will use a CASB product, he says, citing data from Gartner.

This acquisition is "fortifying the cloud control point," he explains. The ultimate goal for McAfee is to strengthen endpoint and cloud security, and it believes Skyhigh will drive this forward. "More and more of us are transient in and out of environments with our devices, and more and more of the services we access are outside the enterprise in the cloud," Patel says.

The Skyhigh brand name will remain in the market following the transaction. McAfee will "consider opportunities" to endorse it, Patel says, given its strong reputation for cloud security.

Trend Micro Acquires Immunio
Around the same time McAfee bought Skyhigh, Trend Micro snapped up Immunio. The goal is to expand its hybrid cloud security tool with a combination of purchased capabilities and in-house development, the company explained. Trend Micro will acquire Immunio's application security technology and talent.

"As organizations move to the cloud and adopt a more modern approach to applications delivery — generally falling under the 'DevOps' term — traditional approaches to security, such as bolting it on at the end of development or trying to form a strong perimeter, just don't work," says Mark Nunnikhoven, vice president of cloud research for Trend Micro.

Immunio integrates with application code to analyze its behavior and protect against threats in a way other approaches don't, he adds. Trend Micro's goal is to build a platform that can integrate with DevOps culture. It's focusing on automation for customer applications, building its Deep Security platform, and ramping up internal R&D to focus on container image scanning.

The acquisition will bring Immunio's early detection, protection against app vulnerabilities, and container image scanning into these projects.

"You can protect all stages of application delivery, from the time the code is written all the way through to production," says Nunnikhoven. "To do that, you have to apply the right security technique at the right time in the application lifecycle."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9024
PUBLISHED: 2020-02-17
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.
CVE-2020-9025
PUBLISHED: 2020-02-17
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.
CVE-2020-9026
PUBLISHED: 2020-02-17
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9027
PUBLISHED: 2020-02-17
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9028
PUBLISHED: 2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).