Symantec on Monday announced plans to shell out $209 million in cash to gobble up BindView Development, a company that sells policy-compliance and vulnerability management software.
The deal marks the third acquisition for Symantec Corp. in the last two months and signals an aggressive move by the Internet security vendor to expand its security offerings following the merger with Veritas Software Corp.
Symantec, based in Cupertino, Calif., said the BindView Development Corp. deal provides elbow room in the competitive compliance and vulnerability management software market.
When the deal closes, Symantec plans to use the BindView technology to offer customers “a choice of agent-based or agentless technology architectures,” it said.
The deal comes swiftly on the heels of Symantecs recent acquisitions of network security player Sygate Inc. and anti-phishing vendor WholeSecurity Inc.
Before that, Symantec also shelled out big bucks to snap up a long list of security companies, including Brightmail Inc., TurnTide Inc., @Stake Inc., Liric Associates Ltd. and Platform Logic, and closed on a $13.5 billion merger with storage behemoth Veritas.
Houston-based BindView markets an agentless policy compliance solution for businesses looking to enforce security policies, demonstrate compliance and protect against malicious threats and vulnerabilities.
With agentless and agent-based offerings, Symantec said, clients will be able to define and create policies based on the regulations, frameworks and standards that are relevant for specific industries.
“Organizations can control compliance by implementing secure configurations, addressing vulnerabilities including patch management, securing user access and developing sound policies,” Symantec said in a statement.
Even as Symantec put a bright spin on its recent acquisition binge, analysts are beginning to question some of the companys moves.
John Pescatore, senior vice president of research at Gartner Inc., said Symantec engineers will face a mighty task in trying to integrate all its recent acquisitions.
The security company, known mostly for its consumer-facing Norton anti-virus suite, will also have to integrated distant development groups—WholeSecurity in Austin, Texas, and BindView in Houston—into its operations.
Best of breed technology may suffer when it is forced to fit into an overarching framework, like Symantecs SESA (Symantec Enterprise Security Architecture), Pescatore said.
“I hate to say this, but the last time I saw a wave of acquisitions like this was when Computer Associates ran around and bought up all kinds of security companies in the late 1990s, and a lot of those products were much the worse for it.”
“What Symantec picks up is BindViews installed base for policy compliance. [Gartner] didnt see BindView as being strong on vulnerability management,” Pescatore added.
He said the Symantec ESM (Enterprise Security Manager) competed head-to-head with BindViews software, noting that the only area where BindView was different was the capacity to work without an agent.
The deal may be an effort to continue expanding beyond core areas such as anti-virus and anti-spyware, ahead of competition from Microsoft Corp., which will be releasing an integrated anti-virus and anti-spyware product next year.
In addition to BindViews policy compliance features, the companys agentless architecture will enable Symantec to distinguish itself from Microsoft by extending protection to non-Windows platforms like Macintosh and Linux, Pescatore said.
“When you see the meteorite coming, its a good idea to get out of its shadow,” Pescatore said.
Editors Note: Paul F. Roberts provided additional reporting for this story.