McAfee Buys SIEM Provider Nitro Security

McAfee announced plans to acquire event- and log-management company Nitro Security to bring risk-management and event-analysis capabilities in-house.

McAfee announced its plans to acquire privately owned Nitro Security to create a new security-information and event-management division focusing on security analytics and log management.

McAfee expects to combine the Nitro Security technology with its own security-management portfolio to provide organizations greater visibility into their endpoints, network infrastructure and threats targeting the environment, McAfee said Oct. 4. The agreement is subject to regulatory approvals and the acquisition is expected to close toward the end of the fourth quarter, Nitro Security said. McAfee and Nitro Security didn't disclose the deal's financial terms.

Nitro Security's NitroView software allows customers to take underlying IT and security events and understand the organization's risk posture, Dave Anderson, senior director of solutions marketing at McAfee, told eWEEK. Most organizations are using Security Information and Event Management (SIEM) as a reactive measure to find out what happened and to run reports to meet compliance requirements, Anderson said. Combining NitroView with McAfee's risk and compliance capabilities will provide customers with situational awareness and a dramatic shift in how data is understood.

Customers are trying to manage too much data, and the combined product portfolio will give them the tools to "calculate associated risk and security posture" by providing a "specific level of context," Anderson said.

McAfee is "one of the world's largest cyber-security organizations" and the vanguard of technology, Jerry Skurla, executive vice president of marketing, told eWEEK. The acquisition would help Nitro Security expand from a United States-based market to reach global customers and support a bigger base of third-party products and platforms.

McAfee does not currently have a SIEM product in its portfolio, so there is no overlap in products as a result of the acquisition. However, Nitro Security's products are not new to McAfee, according to Anderson. McAfee has been using Nitro Security's technology internally as its in-house SIEM platform for the past few months, Anderson told eWEEK.

Additionally, Nitro Security has been working with McAfee for the past three years under the Security Innovation Alliance. Under the alliance, the companies shared technology for interoperability. Nitro Security took interoperability one step further to provide true bi-directional integration where data from NitroView software can be sent to McAfee's ePolicy Orchestrator platform and the information from ePolicy feeds back to NitroView, according to Skurla.

Both Skurla and Anderson said there were discussions about how Nitro Security's technology would be integrated in the hardware security initiatives McAfee is working on with its parent company Intel. While they said there were "great opportunities," they declined to provide any specifics.

The entire Nitro Security team, the engineers and the sales structure, will be coming over intact to McAfee to form a new SIEM division, according to Skurla. He declined to discuss specific roles or new titles for Nitro executives and individual personnel. The new division will be part of McAfee's risk and compliance product portfolio, Anderson said, but he declined to discuss the reporting structure.

"We understand very clearly the capabilities of McAfee's product portfolio," Skurla said, noting that this familiarity will help smooth out the integration road map and the fact that the team was staying together meant a more "rapid uptake" within McAfee than if the team had to rebuild iteself.

On the same day McAfee announced its plans to buy Nitro, IBM said it would acquire another security data analytics company, Q1 Labs. The announcement "supports the trend" that there is consolidation going on in the industry, according to Anderson. However, McAfee had looked at "many companies" and "we are confident that we picked the right team and technology," Anderson said.

The threat landscape has gotten scarier in the past year than it has ever been, Skurla said, noting that the fact that "premier" organizations are bringing SIEM in-house is a sign that the technology fits a user need and customers are demanding ways to make sense of the security information they are collecting. SIEM will be a "fundamental" technology for effective cyber-security for the next five to 10 years, according to Skurla.