Privilege management vendor BeyondTrust is acquiring vulnerability and configuration management vendor eEye Digital Security, in a move the company said is an ongoing strategy of adding security capabilities to its product portfolio.
There is some integration work that needs to be done to make it much more of a product line than a couple of technology pieces sold through the same distribution channel.
Mike Rothman, analyst, president, Securosis.
Terms of the acquisition were not disclosed. Both firms said the deal enables them to establish a more robust platform that can be maintained and monitored at a single point for protection from both insider and external threats.
Carlsbad, Calif.-based BeyondTrust specializes in controlling privileged user access on the Windows platform. It was acquired by Symark International Inc., extending its capabilities to Unix and Linux systems. The company sells its Powerbroker line of products. It has introduced data leakage protection and mobile security capabilities, which use account user profiles to monitor and log user behavior. The company entered the database activity monitoring market with the acquisition of Lumigent in 2011.
The acquisition enables BeyondTrust to continue to fill out its product capabilities and distinguish it from its competitors, said Mark Diodati, a research vice president at Gartner Inc. It’s a move other vendors in the privilege management market have been making as well, Diodati said.
“Part of what has been missing in its stack is the actual management of vulnerabilities,” Diodati said. “If they execute properly they can create a common package for installation and unify their capabilities.”
Irvine Calif.-based eEye Digital Security was co-founded by industry luminary Marc Maiffret and Firas Bushnaq. The company sells the Retina product line of vulnerability and compliance management capabilities. Its patch management functionality is noted for not only addressing known vulnerabilities, but also for having the ability to quickly address zero-day flaws, according to analysts. eEye, which was founded in 1998, underwent some serious struggles in 2007, prompting some experts to speculate it would be sold off. Maiffret and several others left the firm, but returned in 2010, indicating the company had turned a corner, said Mike Rothman, analyst and president of security research and consultancy firm Securosis.
Rothman said the acquisition makes sense for BeyondTrust because both company technologies are complimentary. Enterprise IT teams want fewer consoles for dashboards and reporting, he said. “There is some integration work that needs to be done to make it much more of a product line than a couple of technology pieces sold through the same distribution channel,” Rothman said. “There’s the ability to tell a compelling story for what the next iteration of BeyondTrust will be … when you look at deals like this, you look for whether there’s a huge amount of product overlap and channel conflict; Neither of those seem to be a problem with this acquisition.”
In an interview with SearchSecurity.com, Maiffret said he will be CTO of the combined company. With BeyondTrust’s rights management capabilities, eEye has the ability to extend Retina to the insider attack surface, he said.
“Most of the people we have at eEye that are engineers have been with us 10 plus years and our intention is to keep that longevity and experience,” Maiffret said. “We wanted to do something that was big and impactful and the unique thing here is that this is a complimentary buy where there isn’t a lot of overlap.”
A combined platform could be created that offers both insider and external threat protection, Maiffret said. In addition, the deal could enhance eEye’s configuration capabilities to find misconfigured systems that open companies up to attacks.
“[BeyondTrust] has a great database security product that has an approach that is a different perspective from ours,” Maiffret said. “If we think about getting together a combined view, it can be very powerful and provide better intelligence for enterprises.”
The first phase of the acquisition is about integrating BeyondTrust to extend eEye’s capabilities, said Jim Zierick, executive vice president of product operations at BeyondTrust. The company has event and keystroke logging files and can provide eEye with who has access to systems and information on company servers, Zierick said.
“We’re fundamentally marrying two different segments in the market together to solve a common problem,” Zierick said. “We’re combining user rights policies with the ability to discover and scan systems, determine their configurations, and how they can be fixed patched for an overall greater intelligence level.”
BeyondTrust has competed with Cyber-Ark Software Ltd., Lieberman Software Corp., Passlogix Inc. and Quest Software Inc., as well as Xceedium Inc. and Lieberman Software Corp.
According to Rothman, a combined BeyondTrust-eEye could help distinguish itself in the vulnerability management space, but it faces stiff competition. Qualys, Tenable Network Security and Rapid7 have been established in the vulnerability management market, as well as security giants McAfee (Foundstone), Symantec and IBM (BigFix). “Almost anybody that is offering a broad product line in security has some kind of presence in vulnerability management,” Rothman said.