Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Symantec Takes $370 Million Plunge Into Encryption Market

Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say

Symantec today placed a $370 million bet that encryption will play a key role in solving enterprises' future security problems.

In a single announcement, the security giant said it is acquiring PGP Corp. -- one of the industry's oldest and best-known enterprise email and data encryption tool vendors -- as well as GuardianEdge, which makes encryption tools for endpoint devices, such as laptops, smartphones, and portable storage devices.

Symantec will pay $300 million in cash for PGP and $70 million in cash for GuardianEdge.

Although it has built a huge business on security tools such as antivirus software and data leak protection, Symantec previously had not placed a high priority on encryption. Today's acquisitions show the company is making a shift in those priorities.

"Encryption technology is an important element of an information-centric security solution, as critical information is increasingly on mobile devices and in the cloud," the company said in a statement. "State and national governments are enacting more stringent and costly compliance mandates, such as the HITECH and UK Data Protection Acts, which are driving the need to encrypt sensitive information and protect an individual's privacy. Also, the increased costs and frequency of data breaches are driving the adoption of encryption as companies strive to mitigate risk.

"By bringing together PGP and GuardianEdge's standards-based encryption capabilities for full-disk, removable media, email, file, folder and smartphone, with Symantec's endpoint security, data loss prevention and gateway security offerings, Symantec will have the broadest set of integrated data protection solutions. This unique portfolio will address the data protection needs of all major customer segments from the largest enterprises and governments to small businesses and individuals."

Industry analysts generally praised the acquisition.

"Symantec has been showing that it is getting considerably better at acquisitions and integrations," says Nick Selby, managing director at security consultancy Trident Risk Management. "By adding GuardianEdge's largely already integrated management of endpoint and port and device control and PGP's key management and encryption chops -- not to mention PGP's acquired technology from Chosen -- Symantec is developing a credible answer to McAfee/Safeboot/Onigma and Sophos/Utimaco, though on a much larger scale."

"What I really like about these acquisitions is that they go well beyond PC full-disk encryption alone," says Jon Oltsik, principal analyst at Enterprise Strategy Group. "With PGP and GuardianEdge, Symantec gets a geographically dispersed installed base, a leading standards-based key management platform, a PKI SaaS offering, a strong government presence, and encryption coverage from mobile devices to mainframes.

"Yesterday, Symantec was lagging in encryption and key management. Today, with PGP and GuardianEdge, it is now able to provide leading solutions worldwide."

Symantec says it plans to integrate "key features and functionality from each company's offerings" and standardize on the PGP key management platform in order to deliver centralized policy and key management capabilities across the entire suite of encryption solutions.

Symantec also intends to integrate the PGP key management platform into the Symantec Protection Center, which simplifies security information management by providing consolidated access to threat, security, and operational reporting.

Integration of both companies' technologies into the Symantec product line will not be easy, Selby warns. "This is not a walk in the park," he says. "Large-scale key management and policy-based encryption in an enterprise are nontrivial tasks, and while Symantec is improving, it has in the past suffered from integration and organizational challenges."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Talk about vendor lock in...
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11816
PUBLISHED: 2019-05-20
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
CVE-2019-10076
PUBLISHED: 2019-05-20
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10077
PUBLISHED: 2019-05-20
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10078
PUBLISHED: 2019-05-20
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVE-2019-12239
PUBLISHED: 2019-05-20
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.