Symantec Acquires SSL VPN Vendor

In a $26 million deal for SafeWeb, Symantec becomes the latest company to purchase a Secure Sockets Layer virtual private network vendor.

Symantec Corp. on Monday announced that is has agreed to acquire SafeWeb Inc. for $26 million in cash. SafeWeb is a small security vendor known mainly for its appliances that feature SSL VPN technology.

This is the second purchase of an SSL VPN (Secure Sockets Layer virtual private network) vendor in the last few weeks. On Oct. 6, NetScreen Technologies Inc. bought Neoteris Inc. for $265 million. The recent activity in this sector is similar to the way things happened in the IPS (intrusion prevention system) market during the last 18 months or so. IPS technology, like SSL VPNs, quickly became a hot commodity last year as customers looked for something that was more efficient and less noisy than intrusion detection systems. A number of vendors sprang up, touting revolutionary behavior-based systems. But large enterprises were reluctant to invest in such a new technology and, as a result, large-scale implementations were few.

But some of the large security vendors saw value in making IPS part of a broader solution, and several of the more successful IPS companies were acquired earlier this year, including Entercept Security Technologies, IntruVert Networks Inc. and Okena Inc. Now, much the same chain of events is taking place in the new, but crowded, SSL VPN market.

SafeWeb, based in Emeryville, Calif., has specialized in selling its appliances to companies that are looking to extend their networks to include partners and customers, but need a secure way of doing so. The companys Tsunami appliance utilizes a clientless SSL VPN connection. Symantec officials in Cupertino, Calif., said they plan to integrate SafeWebs technology into Symantecs Gateway Security Appliance sometime next year, but will offer it as a stand-alone technology in the first quarter of 2004.

SSL VPNs, unlike more traidtional IPSec VPNs, do not require users to have separate client software on their machines. Instead, users log in through Web browsers over a link encrypted with SSL.