Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

PatchLink Buys SecureWave

Deal merges endpoint security with patch management, vulnerability assessment

PatchLink yesterday acquired endpoint security vendor SecureWave, paving the way for a combined offering that might make it easier for enterprises to manage client security.

Terms of the all-stock deal between the two private companies were not disclosed.

SecureWave's Sanctuary is a policy enforcement suite that uses whitelisting to enable only authorized applications to run and only authorized devices to connect to laptops, PCs, or servers. These capabilities, combined with PatchLink’s patch and vulnerability management products, will make it easier to proactively enforce application and device security policies and automatically patch and remediate vulnerabilities across an entire IT infrastructure, the partners say.

"The key phrase we're using is 'unified protection and control,' " says Dennis Szerszen, senior vice president at SecureWave. "Most of our customers have a number of different security agents they're using at the client, from antivirus to security control to vulnerability assessment. One of the things we can do [in this merger] is try to flatten the desktop infrastructure and deliver one unified agent, and maybe one console for managing policy."

PatchLink offers tools for assessing vulnerability at the endpoint and patching it, the partners say. SecureWave offers tools for protecting the endpoint from unauthorized access and enforcing security policy at the client. Together, the two companies could create a suite of tools to help enterprises find the weaknesses in their endpoints, patch or protect them, then ensure that end users continue to follow security policies, they say.

Collectively, the two companies already have nearly 5,000 customers, and their products protect some 14 million endpoints, the executives say. The companies have virtually no overlap between their product lines, and both rely heavily on the reseller channel for most sales.

Together, the two companies also have significant security management capabilities, but the combined organization has no plans to compete with security information management vendors, Szerszen says. (See A Multitude of SIMs.)

"What they are doing is event management and correlation, and that's not what we're talking about here," he states. "We're focused on security management from a policy enforcement perspective."

The deal is subject to the approval of SecureWave shareholders and is expected to be completed "in coming weeks," the partners say.

— Tim Wilson, Site Editor, Dark Reading

  • PatchLink Corp.
  • SecureWave S.A.

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Threaded  |  Newest First  |  Oldest First
    Mobile Banking Malware Up 50% in First Half of 2019
    Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
    Active Directory Needs an Update: Here's Why
    Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
    New Attack Campaigns Suggest Emotet Threat Is Far From Over
    Jai Vijayan, Contributing Writer,  1/16/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    The Year in Security: 2019
    This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
    Flash Poll
    How Enterprises are Attacking the Cybersecurity Problem
    How Enterprises are Attacking the Cybersecurity Problem
    Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-5216
    PUBLISHED: 2020-01-23
    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seei...
    CVE-2020-5217
    PUBLISHED: 2020-01-23
    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could b...
    CVE-2020-5223
    PUBLISHED: 2020-01-23
    In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3...
    CVE-2019-20399
    PUBLISHED: 2020-01-23
    A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
    CVE-2020-7915
    PUBLISHED: 2020-01-22
    An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.