McAfee Acquires Onigma, Launches Risk Management Strategy

 
 
By Matt Hines  |  Posted 2006-10-16
 
 
 
McAfee launched a new corporate strategy on Oct. 16 aimed at helping companies integrate IT defenses used to fight external attacks and manage internal compliance, announcing a $20 million buyout of data leak prevention software maker Onigma as part of the expanded effort.

Officials with McAfee, based in Santa Clara, Calif., said customers are increasingly looking for ways to integrate technologies for preventing outside attacks from threats such as malware with tools used to maintain compliance with government and corporate security regulations.

To meet this demand, McAfee introduced a new companywide initiative to help companies simplify and centralize management of applications used for external and internal security purposes.

To further expand its risk mitigation offerings, the software maker also announced that it has completed a deal to acquire Onigma, a privately held maker of data leakage prevention applications, based in Tel Aviv, Israel.

Onigmas software tools promise to monitor corporate data usage for unusual behavior and report potential information theft or misuse to authorities to prevent confidential data from leaving companies without authorization.

McAfee chides Microsoft over security policies in Windows Vista. Click here to read more.

As a result of the deal, which has already been completed, and the immediate integration of Onigmas content-based DLP (data loss prevention) technology, McAfee announced a new host-based information leakage prevention product dubbed McAfee Data Loss Prevention. The package is intended to help companies protect against the unauthorized transfer of data within or outside of their networks.

The product boasts the ability to protect information from unauthorized use by disallowing sensitive data from being copied and pasted from one file format into another, taken via screen capture, or saved into zip files and encrypted.

The software also promises to prevent inappropriate transmission of protected data between laptops and portable storage devices, and the software maker has also integrated the application set with its McAfee Secure Messaging Gateway to prevent data loss on mobile devices.

McAfee officials said the acquisition is vital to its broader risk management strategy because many companies that have installed data leakage prevention tools at their network gateways are also seeking host-based technologies such as Onigmas—use of which is the only way to provide the most comprehensive form of data protection, said Vimal Solanki, senior director of product marketing at McAfee.

At the heart of the companys centralized risk management strategy will be further integration of tools such as Onigmas with McAfees ePolicy Orchestrator security management console, he said.

"Customers definitely need a host of solutions, and they are tired of working with a stack of products that force them to use a lot of different consoles to manage risk across their organization to fight both external attacks and manage efforts such as regulatory compliance," Solanki said. "We can now offer them a complete, integrated console that gives them all the necessary information across all their security systems; by doing so we think our entry will fundamentally reshape the market for risk management and data loss prevention."

In addition to the Onigma buyout, McAfee said the technologies garnered via its recent acquisitions of Preventsys and SiteAdvisor, as well as its pending deal to take over Citadel Security Software, give it an industry-leading capability to integrate threat prevention with compliance management technologies for enterprises.

As part of its comprehensive strategy, McAfee will look to market more of its traditional anti-virus, intrusion prevention and anti-spyware products together with the compliance management capabilities gained through its buyout spree, which include policy enforcement, vulnerability remediation, NAC (network access control), systems auditing and data loss prevention.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

By weaving all of its new products into ePolicy Orchestrator, the firm said, it allows customers to fortify security policies by giving them the ability to create automated responses and remedies to rules violations, as well as to streamline management of all the different technologies involved.

McAfee has been aggressively increasing its focus on compliance management software and services since its Aug. 2004 buyout of Foundstone for $86 million cash. The companys core anti-virus technologies continue to come under pressure from rivals such as segment leader Symantec and newcomer Microsoft, which only recently jumped into the security applications sector.

At least one industry analyst said McAfees buyout of Onigma and move further into the data protection market come at opportune time, as interest in the technologies and vendor consolidation in the space continues to increase. Security companies providing e-mail encryption and data leak prevention tools seem likely to continue to merge their operations via acquisition, or to sign partnerships, said Richard Stiennon, an analyst with IT-Harvest, in Birmingham, Mich.

"There is definitely a tie between leak prevention and compliance, so it makes sense that McAfee would jump into this space, [as] it fits with their recent interest in control and compliance," Stiennon said in a research note. "Of course, acquiring a leak prevention company is one-third of executing on a data protection strategy; [other] potential targets for acquisition [may include] Entrust for encryption, or Safend."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Rocket Fuel