Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

PatchLink Buys SecureWave

Deal merges endpoint security with patch management, vulnerability assessment

PatchLink yesterday acquired endpoint security vendor SecureWave, paving the way for a combined offering that might make it easier for enterprises to manage client security.

Terms of the all-stock deal between the two private companies were not disclosed.

SecureWave's Sanctuary is a policy enforcement suite that uses whitelisting to enable only authorized applications to run and only authorized devices to connect to laptops, PCs, or servers. These capabilities, combined with PatchLink’s patch and vulnerability management products, will make it easier to proactively enforce application and device security policies and automatically patch and remediate vulnerabilities across an entire IT infrastructure, the partners say.

"The key phrase we're using is 'unified protection and control,' " says Dennis Szerszen, senior vice president at SecureWave. "Most of our customers have a number of different security agents they're using at the client, from antivirus to security control to vulnerability assessment. One of the things we can do [in this merger] is try to flatten the desktop infrastructure and deliver one unified agent, and maybe one console for managing policy."

PatchLink offers tools for assessing vulnerability at the endpoint and patching it, the partners say. SecureWave offers tools for protecting the endpoint from unauthorized access and enforcing security policy at the client. Together, the two companies could create a suite of tools to help enterprises find the weaknesses in their endpoints, patch or protect them, then ensure that end users continue to follow security policies, they say.

Collectively, the two companies already have nearly 5,000 customers, and their products protect some 14 million endpoints, the executives say. The companies have virtually no overlap between their product lines, and both rely heavily on the reseller channel for most sales.

Together, the two companies also have significant security management capabilities, but the combined organization has no plans to compete with security information management vendors, Szerszen says. (See A Multitude of SIMs.)

"What they are doing is event management and correlation, and that's not what we're talking about here," he states. "We're focused on security management from a policy enforcement perspective."

The deal is subject to the approval of SecureWave shareholders and is expected to be completed "in coming weeks," the partners say.

— Tim Wilson, Site Editor, Dark Reading

  • PatchLink Corp.
  • SecureWave S.A.

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Oldest First  |  Newest First  |  Threaded View
    Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
    Ericka Chickowski, Contributing Writer,  12/2/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-19647
    PUBLISHED: 2019-12-09
    radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
    CVE-2019-19648
    PUBLISHED: 2019-12-09
    In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
    CVE-2019-19642
    PUBLISHED: 2019-12-08
    On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
    CVE-2019-19637
    PUBLISHED: 2019-12-08
    An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
    CVE-2019-19638
    PUBLISHED: 2019-12-08
    An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.