Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

McAfee announced on Oct. 3 that it has signed an agreement to acquire Citadel Security Software, which specializes in applications used to mitigate risks posed by software vulnerabilities and monitor IT systems for policy compliance.

Under the terms of the deal, McAfee will pay $56 million in cash for Citadel, which is based in Dallas, along with an additional $4 million the two companies characterized as a related expense for working capital reimbursement. McAfee officials said the deal would add to the company’s array of applications for helping enterprises identify and remediate software vulnerabilities and compliance issues.

Among the benefits of the proposed deal, McAfee said, would be its ability to fold Citadel’s tools into its regulatory compliance business, which aims to help its customers adhere to federal statutes such as the Sarbanes-Oxley Act. Citadel has a number of large customers operating in heavily-regulated industries such as the financial services and health care sectors, the companies reported.

McAfee officials said they expect the deal to close in the fourth quarter of 2006, subject to Citadel stockholder approval.

“Security risk management is emerging as one of our highest-growth opportunities [and] this acquisition will help us develop the next generation of real-world security risk management solutions that customers are demanding,” Kevin Weiss, president of McAfee, said in a statement. “With the addition of Citadel, we can offer our customers the major components of vulnerability assessment, policy compliance enforcement and remediation.”

The Citadel buyout represents only the latest in a long string of deals carried out by Santa Clara, Calif.-based McAfee in the name of expanding its compliance business. The company’s core anti-virus technologies continue to come under pressure from rivals including segment leader Symantec and newcomer Microsoft, which only recently jumped into the security applications sector.

In its last deal, announced in June 2006, McAfee acquired risk management and compliance software vendor Preventsys for an undisclosed sum. As with its plans for Citadel, McAfee said at the time that it would blend Preventsys’ security risk management and automated compliance reporting tools with its existing enterprise products and services, including its Foundstone business unit, which specializes in compliance management and was purchased by McAfee for $86 million in late 2004.

Other recent acquisitions carried out by McAfee include its buyout of SiteAdvisor in April 2006, which lent the company new technologies for use in scanning Web sites for spyware, spam, viruses and browser-based exploits. Additional acquisitions completed by the firm in recent years include its acquisitions of Entercept, IntruVert and Wireless Security.

Check out’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer’s Weblog.