McAfee Buys into Web Site Certification with ScanAlert Acquisition

McAfee will attack Web site security from both ends with Hacker Safe and its own SiteAdvisor.

McAfee announced Oct. 30 that it will acquire ScanAlert to attack Web site security from both ends with ScanAlerts Hacker Safe service and its own SiteAdvisor rating system.

With its eye on securing e-commerce, McAfee is set to integrate ScanAlert, of Napa, Calif., into its security strategy. ScanAlert audits and certifies the security of more than 75,000 Web sites, and company officials estimate their technology protects more than 15 million e-commerce transactions a month. E-commerce sites certified as Hacker Safe have undergone a security audit by ScanAlert, which scans the site for vulnerabilities and identifies and verifies security fixes.

"McAfee plans to integrate ScanAlerts Hacker Safe indication of secure Web sites into its SiteAdvisor Web rating system, creating the industrys first safe search, surf and shop service," Joris Evers, director of worldwide public relations at McAfee, said in an interview with eWEEK. "Also, McAfee will offer its customers the option to have their e-commerce sites certified, offering their customers reassurance that they are dealing with a safe Web site."

The SiteAdvisor ratings are based on the findings of a system of automated testers that continually patrol the Web to browse sites, download files and enter information on sign-up forms. The results are documented, supplemented with feedback from customers and Web site owners and analysis by McAfee, and then summarized into safety ratings.

The Santa Clara, Calif.-based McAfee will pay $51 million in cash up front with an earn-out of up to an additional $24 million if certain performance targets are met. The acquisition—which comes on the heels of a pending acquisition of encryption vendor SafeBoot for $350 million—is expected to close in the first quarter of 2008.


Read more here about McAfees interest in SafeBoot.

Scott Crawford, an analyst with Enterprise Management Associates, said the ScanAlert acquisition is complementary to McAfees Foundstone division and brings together system-level vulnerability assessment with Web security assessment.

"Moreover, it makes this available not only as a service but as one accessible to a broad scope of businesses," he said. "This gives McAfee stronger positioning against Qualys and others in the VM space, and adds to the increased awareness of Web vulnerability and application security management. … This is yet again another piece of those tactical/operational assets that are defining McAfees strategy around IT risk management."

ScanAlert will be integrated into McAfees Web Security Group, co-led by Ken Leonard of ScanAlert and Tim Dowling, a vice president under McAfees consumer, mobile and small business unit.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.