Symantec Corp. was nearing a deal to buy VeriSign Inc.'s authentication business for $1.3 billion, the Wall Street Journal reported late Tuesday.
A Symantec spokesman said the company doesn't comment on rumor or speculation. A VeriSign spokeswoman also said the company has a policy not to comment on rumors.
VeriSign's authentication services include two-factor authentication and risk-based fraud detection. The Mountain View, Calif.-based company also provides SSL certificates and domain name services. Reuters reported that VeriSign had been shopping its security business.
VeriSign has steadily been selling off business units since its high-flying days during the Internet boom. A year ago, SecureWorks Inc. bought the company's managed security services. Last fall, AT&T Inc. acquired VeriSign's global security consulting business.
Cupertino, Calif.-based Symantec has grown substantially beyond its antivirus business with a string of 27 acquisitions since 2004. Last month, the company bought encryption companies PGP Corp. and GuardianEdge Technologies Inc.
Jonathan Penn, a vice president at Forrester Research Inc., said he couldn't comment on the accuracy of the report, but said the possible deal raises several questions.
"A lot would have to do with how this is structured: Would the SSL business go with the authentication business (both under the security unit)? Probably not, since it would make most sense to keep SSL with domain services. Would iDefense -- VeriSign's security labs, but intimately tied to the core infrastructure -- go to Symantec or stay with VeriSign?," he said in an email.
VeriSign's seal business would be attractive to Symantec as a defensive play against McAfee, which is "full bore into that market," Penn said. He added, however, that he'd be concerned about what the potential deal could do to VeriSign as a company. "They'd be selling off a big part of their growth prospects. They'd be left with the cash-cow of naming services, but it's a commodity business," he said.