Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Symantec Takes $370 Million Plunge Into Encryption Market

Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say

Symantec today placed a $370 million bet that encryption will play a key role in solving enterprises' future security problems.

In a single announcement, the security giant said it is acquiring PGP Corp. -- one of the industry's oldest and best-known enterprise email and data encryption tool vendors -- as well as GuardianEdge, which makes encryption tools for endpoint devices, such as laptops, smartphones, and portable storage devices.

Symantec will pay $300 million in cash for PGP and $70 million in cash for GuardianEdge.

Although it has built a huge business on security tools such as antivirus software and data leak protection, Symantec previously had not placed a high priority on encryption. Today's acquisitions show the company is making a shift in those priorities.

"Encryption technology is an important element of an information-centric security solution, as critical information is increasingly on mobile devices and in the cloud," the company said in a statement. "State and national governments are enacting more stringent and costly compliance mandates, such as the HITECH and UK Data Protection Acts, which are driving the need to encrypt sensitive information and protect an individual's privacy. Also, the increased costs and frequency of data breaches are driving the adoption of encryption as companies strive to mitigate risk.

"By bringing together PGP and GuardianEdge's standards-based encryption capabilities for full-disk, removable media, email, file, folder and smartphone, with Symantec's endpoint security, data loss prevention and gateway security offerings, Symantec will have the broadest set of integrated data protection solutions. This unique portfolio will address the data protection needs of all major customer segments from the largest enterprises and governments to small businesses and individuals."

Industry analysts generally praised the acquisition.

"Symantec has been showing that it is getting considerably better at acquisitions and integrations," says Nick Selby, managing director at security consultancy Trident Risk Management. "By adding GuardianEdge's largely already integrated management of endpoint and port and device control and PGP's key management and encryption chops -- not to mention PGP's acquired technology from Chosen -- Symantec is developing a credible answer to McAfee/Safeboot/Onigma and Sophos/Utimaco, though on a much larger scale."

"What I really like about these acquisitions is that they go well beyond PC full-disk encryption alone," says Jon Oltsik, principal analyst at Enterprise Strategy Group. "With PGP and GuardianEdge, Symantec gets a geographically dispersed installed base, a leading standards-based key management platform, a PKI SaaS offering, a strong government presence, and encryption coverage from mobile devices to mainframes.

"Yesterday, Symantec was lagging in encryption and key management. Today, with PGP and GuardianEdge, it is now able to provide leading solutions worldwide."

Symantec says it plans to integrate "key features and functionality from each company's offerings" and standardize on the PGP key management platform in order to deliver centralized policy and key management capabilities across the entire suite of encryption solutions.

Symantec also intends to integrate the PGP key management platform into the Symantec Protection Center, which simplifies security information management by providing consolidated access to threat, security, and operational reporting.

Integration of both companies' technologies into the Symantec product line will not be easy, Selby warns. "This is not a walk in the park," he says. "Large-scale key management and policy-based encryption in an enterprise are nontrivial tasks, and while Symantec is improving, it has in the past suffered from integration and organizational challenges."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.