Symantec Buys Security Consulting Pioneer @stake

Updated: The company says it is acquiring @stake, one of the first digital security consulting firms in the industry, for an undisclosed sum.

Symantec Corp. on Thursday announced that is acquiring @stake Inc., perhaps the most well-known security consulting firm in the industry, for an undisclosed sum.

The purchase marks the end of an era for @stake, and in a sense, for the security industry at large. Among the first digital security consulting firms to pop up, @stake made its name by assembling an all-star roster of security talent and then turning the researchers and consultants loose on a wide variety of projects, both mainstream and arcane. The company got an early boost when it acquired the hacker collective known as L0pht Heavy Industries, a Boston-based group made up of some of the best-known security researchers in the world, including Peiter Zatko, known as Mudge, and Chris Wysopal, who went by the handle Weld Pond.

Wysopal is still with @stake, as the companys director of research and development, but almost all of the other L0pht members have left. A Symantec spokesperson said Wysopal would be staying with Symantec as director of development. James Mobley, @stake CEO, will also stay with Symantec as vice president of global security consulting. The company hopes to keep as many of @stakes 115 employees as it can and will keep the Cambridge, Mass., office open for the time being.

The L0pht collective began in 1992 in Bostons South End and many of its members had been active in the security scene for many years by the time @stake acquired the group in 2000. The presence of such high-profile researchers lent an aura of credibility and mystique to @stake in its early days, but as the members began leaving to start their own companies or to go into semi-retirement as Mudge did, the firm took on a more corporate character.

Many of the companys former employees cited the more buttoned-down atmosphere and conflicting feelings about doing business with big software vendors such as Microsoft Corp. as their reasons for leaving. For a group best known for writing the L0phtcrack password-cracking tool and telling Congress that its members could take down the Internet within a few minutes, this was a major shift.

"It was a little bit surprising that they were bought, but this is the way things are going. You still have some independent companies out there doing research, but the overall feeling is that most of the industry works for the bigger companies now," said Dave Aitel, CEO of Immunity Inc. in New York, and a former @stake consultant.

"[@stake has] had a ton of turnover so the people who are there now arent necessarily the top people. But I dont think it will be much of a change for them. It was never this welcoming little cocoon atmosphere that people thought it was. Its a consulting company. Theres not much difference between consulting for @stake and Symantec—maybe better benefits."

For Symantec, of Cupertino, Calif., the purchase of @stake gives the company access to a world-class research organization as well as a ready-made roster of high-end consulting clients. The company plans to integrate the @stake employees and offerings into its global services organization.

Editors Note: This story was updated to include comments from Immunity CEO Dave Aitel.


Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our Security news feed to your RSS newsreader or My Yahoo page