Microsoft Buys Rootkit Detection Startup

Microsoft gets a key piece of technology to beef up its enterprise security offerings and a major entry point into government markets.

Looking to beef up the anti-malware protection capabilities in its enterprise and consumer security products, Microsoft has inked a deal to acquire Komoku, a U.S. government-funded startup that specializes in finding malicious rootkits. Financial terms of the deal were not released.
Komoku took in about $2.5 million in funding from DARPA (the Defense Advanced Research Projects Agency), the Department of Homeland Security and the U.S. Navy to build out a suite of hardware- and software-based anti-rootkit products.
The hardware-based product, called CoPilot, is a high-assurance PCI card capable of monitoring the host's memory and file system at the hardware level. It is specifically geared toward high-security servers and computers. On the software side, Komoku's Gamma is aimed at businesses looking for a low-assurance utility to pinpoint operating system abnormalities that may be linked to malicious rootkit activity.
Komoku has a partnership with security vendor Symantec to handle disinfection and restoration after rootkits and other sophisticated forms of malware are detected. Symantec's LiveState product combines with CoPilot and Gamma to restore the system to its original state.
Microsoft plans to add Komoku's functionality into upcoming versions of the Forefront line of enterprise security products and Windows Live OneCare, Microsoft's all-in-one PC care solution. It's not clear how the CoPilot PCI card approach to rootkit detection fits into Microsoft's existing software-only products.
A Microsoft spokesman said the company is not yet ready to discuss specifics of the acquisition. The majority of Komoku's staff of nine will join Microsoft in the Access and Security Division.
The deal also gives Microsoft a major entry point into the government security market. Komoku's customer base includes a number of high-security government agencies, including the Defense Advanced Research Projects Agency, the U.S. Navy, the DHS and the DOD.
Komoku competes in the hardware-based rootkit detection space with Grand Idea Studio and BBN Technologies.