McAfee Buys Security Consulting Firm Foundstone

After months of rumors, McAfee has agreed to pay $86 million in cash for Foundstone.

After courting each other for months, both publicly and privately, McAfee Inc. and Foundstone Inc. on Monday finally decided to combine their operations. McAfee has agreed to pay $86 million in cash for Foundstone, which sells vulnerability management software and consulting services.

Rumors of the two companies interest in one another have been swirling in the security community since the RSA conference this spring. Neither company would comment on speculation of an acquisition, but sources close to the deal said that McAfee officials were intrigued by Foundstones high-end consulting services and its customer base, which includes a large portion of the Fortune 100.

Foundstone, which was founded in 1999 by several former consultants from large systems integrators, was one of the first dedicated security consulting shops. Along with @stake Inc., Foundstone helped create a market for large-scale security assessments of enterprise networks. More recently, Foundstone had begun to focus more of its efforts on selling software and appliances, specifically its Foundstone Enterprise software and FS1000 boxes.

Officials at both companies said the deal has been in the works for several months and that the major delay was McAfees desire to complete its divestiture of all nonsecurity assets before making another purchase. Once McAfees Sniffer unit was sold earlier this summer, the path was clear.

"Weve been working on it for a while. Ive personally known [Foundstone CEO] George [Kurtz] and [president and chief technology officer] Stuart [McClure] for a long time, and we kept in touch over the years," said Vince Rossi, senior vice president of product management at McAfee.

All of Foundstones executives and the lions share of its consultants will remain with McAfee, and Kurtz will run the Foundstone business within McAfee as the senior vice president of risk management, reporting to Gene Hodges, McAfees president. Rossi said the first integrated McAfee-Foundstone offering should hit the market in the first half of next year.

For McAfee, based in Santa Clara, Calif., the acquisition represents a continuation of the companys move into the intrusion prevention market. McAfee defines that term more broadly than most, and the addition of Foundstones vulnerability assessment and remediation products and expertise fill a void in the companys product portfolio.

McAfee is best known for its anti-virus solutions, but the company has been working to expand its collection of security products, mainly through acquisitions. The company jumped into the IPS space last year when it bought both IntruVert Networks and Entercept Security Technologies Inc. Since then McAfee has been weeding out the dead weight from its product portfolio, including selling off its Sniffer and Magic business units.

/zimages/6/28571.gifClick here to read about McAfees new tools to scope networks for rogue PCs.

McAfee officials said they expect the Foundstone acquisition to close within 60 days.

/zimages/6/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page