McAfee on Wednesday announced its intention to acquire database security vendor Sentrigo Inc., marking McAfee's...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
first acquisition since it was acquired by silicon giant Intel.
The fact that Oracle, IBM and McAfee are all promoting products in this area is now a very good sign.
CTO and security strategistSecurosis
McAfee said it has maintained a successful partnership with Santa Clara, Calif.-based Sentrigo under an OEM relationship it's had in place since October through its partner program. The company's channel partners have been selling Sentrigo's database monitoring software and other database security auditing and vulnerability management technologies under the McAfee name.
In a statement, McAfee CEO Dave DeWalt said the company plans to sell a complete database security platform, integrating certain Sentrigo technologies with "products across the McAfee portfolio."
The acquisition broadens McAfee's reach into the database security market, offering database auditing and activity monitoring technologies alongside its endpoint security software. In addition, McAfee said it would leverage Sentrigo's virtual patching capabilities for database systems that cannot be patched in a timely manner.
"As part of McAfee, Sentrigo will be in a position to deliver these best-of-breed solutions to address a much broader range of customer's database security and compliance challenges." Nathan Shuchami, CEO of Sentrigo, said in a statement.
The market for database activity monitoring, vulnerability scanning and auditing capabilities has been squeezed by the database vendors themselves, which continue to broaden their security capabilities, said Eric Ogren, founder and principal analyst of the Ogren Group. Ogren refrained from calling database activity monitoring a market, and said many niche database security technologies are becoming feature sets of broader offerings. Oracle acquired database firewall vendor Secerno last year, adding it to its database activity monitoring capabilities. IBM acquired Guardium Inc. in 2009 for $225 million.
Ogren called the deal a good move for McAfee. The acquisition was likely a cost effective way for it to expand its portfolio of enterprise IT products to increase its revenue for Intel, he said.
"Database security monitoring is a core infrastructure technology and McAfee probably didn't have to spend a lot of money for [Sentrigo]," Ogren said. "Sentrigo is software based so it's a better fit for McAfee than a vendor like Imperva that would be offered as an appliance."
In addition to Imperva Inc., Sentrigo competed with Application Security Inc., a longtime independent player in the database security market and Lumigent Technologies Inc.
The technology is being deployed at large enterprises looking to gain better visibility into their database activity and get a better control over common database vulnerabilities that lead to costly data breaches, said Adrian Lane, chief technology officer and security strategist for information security research and analysis firm Securosis. Merchants have also used the technology as a compensating control for the Payment Card Industry Data Security Standards, Lane said
Imperva has the most complete product and likely demanded a high price, Lane said, adding that Application Security's capabilities are a step behind Imperva.
"Sentrigo has just crossed the line and was now able to make the claim that they're enterprise ready," Lane said. "The fact that Oracle, IBM and McAfee are all promoting products in this area is now a very good sign."
Lane was CTO of database security vendor, IPLocks Inc. The firm's assets were acquired by Fortinet Inc. in 2008. He said the market is a difficult one for independent vendors. The competitive landscape demands vendors support, IBM, Oracle and Microsoft databases, but to be viable, they also need to support a variety of other database platforms, he said. The technology needs to collect data, integrate with workflow systems, accept policies and support a variety of types of users, so "there's a number of moving components here and there's a lot to build out," Lane said.