Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:45 AM

Microsoft in Whale of a Deal

Software behemoth buys SSL VPN startup Whale for an undisclosed amount

Microsoft today bought privately held SSL VPN vendor Whale Communications for an undisclosed sum, another move to bolster enterprise network security for its customers. (See Microsoft Acquires Whale.)

Fort Lee, N.J.-based Whale, which specializes in Windows-based Secure Sockets Layer VPN hardware, is the latest security vendor to get snapped up by a big-name player, after Juniper stumped up about $4 billion in stock for NetScreen, and Citrix bought NetScaler, a startup offering a combination of SSL VPN and load balancing features. (See Juniper to Acquire NetScreen, Citrix to Buy NetScaler for $300M, and Meta Group Ranks SSL VPN Market.)

The move is also designed to support Microsoft's Network Access Protection (NAP) play at a time when the major vendors are cranking up their security strategies. Microsoft's NAP, for example, plays in the same space as Cisco's Network Admission Control (NAC) and Juniper's Enterprise Infranet initiatives, which attempt to secure corporate networks. (See Chambers Shouts About Security, Cisco, Microsoft Team Up on Security, and Juniper Infranets the Enterprise.)

But at this stage, Microsoft is yet to reveal its specific long-term plans for Whale, saying only in a statement released this morning that the platform will broaden users' access options from a variety of locations and devices. This, according to the vendor, includes PCs, Internet kiosks, and mobile devices.

Rob Whiteley, senior analyst at Forrester Research, tells Byte and Switch that the deal makes sense, citing the long-standing relationship between the two companies. "Whale has always had an SSL VPN and application firewall that's built on Windows server," he notes. "It was clear that they were going to develop a tighter relationship that was either an OEM deal or an acquisition."

According to Whiteley, the deal spells good news for customers. "What this gives the end users is the ability to further leverage Microsoft's overall NAP strategy and pull end-point security policies into remote and mobile devices."

But Whiteley warns that the two firms take radically different approaches to security. "The biggest challenge is going to be that Whale is an appliance vendor, Microsoft is not," he says. "They need to figure whether they are going to stay committed to this in the appliance form factor."

Dan Harman, Lotus Notes administrator at Upland, Calif.-based real estate developer Lewis Operating Corp. which has deployed two of Whale's e-Gap devices for remote employee access, tells Byte and Switch that he hopes Microsoft will put its weight behind the Whale appliances. "As far as I know, Whale will still be doing what Whale does -- it's pretty important for us," he says.

This, says Whiteley, is typical of how most users approach SSL VPN technology. "As SSL VPN technology emerges, users are more comfortable with the appliance form factor."

Other Whale customers include the U.K.'s governing Labour Party, utility firm E.ON, Virgin Atlantic Airways, Krispy Kreme, and the Sumitomo Mitsui Banking Corporation.

Microsoft is diving into a market segment poised for growth. Analyst firm Infonetics predicts that the market for network security appliances and software will be worth $5.5 billion in 2008, up from $3.7 billion in 2004. (See Network Security Market up 30% in Q4.)

Microsoft is yet to yet confirm how many of the Whale workforce or executive team will be moving over to the software vendor.

In trading today, shares of Microsoft rose 32 cents (1.41 percent) to $23.05.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Citrix Systems Inc. (Nasdaq: CTXS)
  • Forrester Research Inc.
  • Infonetics Research Inc.
  • Juniper Networks Inc. (Nasdaq: JNPR)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Whale Communications Ltd.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/21/2020
    Cybersecurity Bounces Back, but Talent Still Absent
    Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
    Meet the Computer Scientist Who Helped Push for Paper Ballots
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-09-22
    Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
    PUBLISHED: 2020-09-22
    Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
    PUBLISHED: 2020-09-22
    Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Star...
    PUBLISHED: 2020-09-22
    Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
    PUBLISHED: 2020-09-22
    Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuratio...