Websense Moves into Leakage Prevention with PortAuthority Buy

Security software maker Websense announced Dec. 20 that it has signed an agreement to acquire data leakage prevention specialist PortAuthority Technologies for approximately $90 million in cash.

Through the deal, Websense is attempting to expand its footprint beyond the malicious content identification sector and offer security tools that provide enterprises with both external protection for IT networks and internal controls to help prevent the loss of sensitive information.

Industry experts have tabbed the DLP (data leakage prevention) space in which PortAuthority competes as a potential growth market in the coming years as businesses work to limit the exposure of confidential information. The Palo Alto, Calif.-based company's software is meant to help firms track and control the flow of sensitive data, preventing workers or thieves from broadcasting or stealing information that could harm businesses or expose employers to penalties related to government data-handling regulations.

Labeled by the company as an effort to create "pre-emptive content security," the acquisition underscores the growing trend toward software makers that provide integrated bundles of IT security applications that promise to solve multiple business problems, versus so-called stand-alone point products.

The movement toward such packaged security applications is being driven by numerous acquisitions made by anti-virus market leaders Symantec and McAfee, as well as the entry of software giant Microsoft into the security space and the desire among enterprise IT departments to deal with fewer individual technology vendors.

San Diego-based Websense had previously detailed plans to release a DLP applications package some time during 2007, and the company established an official technology development pact with PortAuthority in September 2006. That work will allow the combined company to launch products that integrate their respective technologies in the near future, officials said.

Websense executives said the addition of PortAuthority will allow organizations using the jointly developed products to prevent the unauthorized use or disclosure of confidential data while simultaneously protecting users and data from external malicious threats.

Click here to read more about PortAuthority's data leakage system.

"Today's high impact security threats aren't about a worm overloading your mail system, they are about people stealing your proprietary information," said Gene Hodges, chief executive of Websense, in a statement. "Through this planned acquisition, Websense gains not only PortAuthority technology but the security-savvy engineers that have developed this industry-leading technology."

Hodges said that Websense also plans to maintain PortAuthority's Israel-based research and development operations, and to use the acquired company's existing channel partners to distribute products in the future.

PortAuthority Chief Executive Pete Foley called the pending deal a "natural evolution" for both companies, based on synergies between Websense's security software and his firm's information leak prevention technology.

The companies said that PortAuthority stockholders have approved the acquisition, which will be officially executed as a merger between a subsidiary of Websense and the company. The merger is expected to close before the end of January 2007.

Security software market analysts have been calling for significant consolidation in the space since at least 2005, but some industry watchers are predicting that 2007 may be the year when the trend is finally realized.

On Dec. 19, Check Point Software Technologies announced an agreement to acquire network intrusion detection software maker NFR Security for approximately $20 million, adding NFR's hybrid detection engine technology to its own remote access and network security products.

While a handful of high-profile deals were pulled off in the security sector during 2006, including EMC's buyout of RSA Security for $2.1 billion and IBM's acquisition of Internet Security Systems for $1.3 billion, some experts contend that a larger number of deals will materialize in 2007 as pressure on stand-alone security providers' increases.

"Among the deals that we do see, I think there will continue to be more deals where non-traditional security players invest in security technologies, such as with the RSA deal, and more examples of large security companies investing in non-security acquisitions to expand their business models, as with Symantec getting into storage with its acquisition of Veritas," said John Pescatore, analyst with Gartner, in Stamford, Conn.

"Microsoft's arrival in security will definitely put pricing pressure on existing vendors and cause the market to paddle faster to stay ahead or disappear," he said. "Even some relatively large vendors such as Trend Micro, McAfee, Sophos and Panda will have to innovate a lot faster in addressing new threats, or enter new markets, to remain competitive in this environment."

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine's eWEEK Security Watch blog.