Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Symantec Takes $370 Million Plunge Into Encryption Market

Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say

Symantec today placed a $370 million bet that encryption will play a key role in solving enterprises' future security problems.

In a single announcement, the security giant said it is acquiring PGP Corp. -- one of the industry's oldest and best-known enterprise email and data encryption tool vendors -- as well as GuardianEdge, which makes encryption tools for endpoint devices, such as laptops, smartphones, and portable storage devices.

Symantec will pay $300 million in cash for PGP and $70 million in cash for GuardianEdge.

Although it has built a huge business on security tools such as antivirus software and data leak protection, Symantec previously had not placed a high priority on encryption. Today's acquisitions show the company is making a shift in those priorities.

"Encryption technology is an important element of an information-centric security solution, as critical information is increasingly on mobile devices and in the cloud," the company said in a statement. "State and national governments are enacting more stringent and costly compliance mandates, such as the HITECH and UK Data Protection Acts, which are driving the need to encrypt sensitive information and protect an individual's privacy. Also, the increased costs and frequency of data breaches are driving the adoption of encryption as companies strive to mitigate risk.

"By bringing together PGP and GuardianEdge's standards-based encryption capabilities for full-disk, removable media, email, file, folder and smartphone, with Symantec's endpoint security, data loss prevention and gateway security offerings, Symantec will have the broadest set of integrated data protection solutions. This unique portfolio will address the data protection needs of all major customer segments from the largest enterprises and governments to small businesses and individuals."

Industry analysts generally praised the acquisition.

"Symantec has been showing that it is getting considerably better at acquisitions and integrations," says Nick Selby, managing director at security consultancy Trident Risk Management. "By adding GuardianEdge's largely already integrated management of endpoint and port and device control and PGP's key management and encryption chops -- not to mention PGP's acquired technology from Chosen -- Symantec is developing a credible answer to McAfee/Safeboot/Onigma and Sophos/Utimaco, though on a much larger scale."

"What I really like about these acquisitions is that they go well beyond PC full-disk encryption alone," says Jon Oltsik, principal analyst at Enterprise Strategy Group. "With PGP and GuardianEdge, Symantec gets a geographically dispersed installed base, a leading standards-based key management platform, a PKI SaaS offering, a strong government presence, and encryption coverage from mobile devices to mainframes.

"Yesterday, Symantec was lagging in encryption and key management. Today, with PGP and GuardianEdge, it is now able to provide leading solutions worldwide."

Symantec says it plans to integrate "key features and functionality from each company's offerings" and standardize on the PGP key management platform in order to deliver centralized policy and key management capabilities across the entire suite of encryption solutions.

Symantec also intends to integrate the PGP key management platform into the Symantec Protection Center, which simplifies security information management by providing consolidated access to threat, security, and operational reporting.

Integration of both companies' technologies into the Symantec product line will not be easy, Selby warns. "This is not a walk in the park," he says. "Large-scale key management and policy-based encryption in an enterprise are nontrivial tasks, and while Symantec is improving, it has in the past suffered from integration and organizational challenges."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2228
PUBLISHED: 2020-02-19
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
CVE-2014-2727
PUBLISHED: 2020-02-19
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
CVE-2015-2104
PUBLISHED: 2020-02-19
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2014-3622
PUBLISHED: 2020-02-19
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
CVE-2016-10000
PUBLISHED: 2020-02-19
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).