RealTime IT News

Sophos' Utimaco Buy Targets Endpoint Security

The software security industry has long defied the inevitable consolidation that takes place in any sector, thanks to the ever-growing need for a variety of security products. Whether it's Russian malware, a lost notebook or an employee going off the rails, there's a wide variety of security needs and as many products to go with it.

However, consolidation is slowly taking place. End point security vendors seem to be especially popular. Last year, Symantec bought Vontu, McAfee Onigma and Websense acquired PortAuthority Technologies.

Now add Sophos, the UK vendor of anti-malware software for businesses, to the buying spree list. The apple of its eye is Utimaco Safeware AG, a German firm that provides end-point data encryption software. Sophos will pay 217 million Euros, or US$340 million, to acquire the firm in a deal that will require outside financing, as Sophos only had $139.3 million in cash on hand as of March 31, 2008.

The deal is subject to a variety of European Union approval hoops, but Sophos hopes to complete the merger by October of this year. Utimaco will become a Sophos business unit focused on data security and remain based in Germany.

Integration of Utimaco's technologies into Sophos' products will occur over the next 12 to 24 months, according to Peter Norman, vice president of product management and corporate development at Sophos.

Utimaco develops software for data encryption and centralized management of the data. Data is encrypted for secure transmission from clients to and from servers. By encrypting client data, if a laptop is lost or stolen, the data on it becomes useless to whomever acquires the laptop.

Broader security protection

Norman said the firm has in recent years expanded its endpoint software from just malware detection to broader security protection. "Strategically, we think that protecting information and encrypting it will be as big a must-have option as anti-malware," Norman told InternetNews.com.

"It's a basic information protection tool. The world has moved toward protecting information," he added. "To do good security, you need to be able to do more than just detect malware. We've got a classification engine that operates every time you operate on your computer to assess the state of the computer. Is your antivirus up to date? Is the firewall configured properly? If not, we update them."

Paul Roberts, senior analyst in the enterprise security practice for The 451 Group, said he's "pretty bullish on this deal. Sophos has been saying for a while that they are interested in adding encryption to their endpoint security story," he said. "It's a story that makes a lot of sense for a company like Sophos, doing malware scanning on the end point, with a policy enforcement product to add encryption to it."

He also said it's good for both companies because it opens them both to new markets. "Utimaco have a low profile in the U.S. market. They are stronger in Europe, particularly northern Europe. That's good for Sophos, who are strongest in UK and America," he said.