McAfee on Tuesday announced it will acquire substantially all of the assets of Citadel Security Software for approximately $56 million in cash, plus an estimated $4 million in working capital reimbursement.
With this purchase, McAfee picks up a security policy compliance and vulnerability remediation vendor that puts a layer of management over its low-level scanning and cleaning software.
Citadel’s flagship product is Hercules Enterprise Vulnerability Management suite, which includes Compliance Manager, Patch Manager, Remediation Manager and Enterprise Report Manager.
Rather than the anti-virus and spyware focus of McAfee’s current products, Hercule’s software is designed to ensure the confidentiality of information, and mitigate risks inherent with IT operations.
Hercules also facilitates compliance with organizational security policies and government mandates such as FISMA, HIPAA,
So why does a security company need SarbOx compliance software?
“Regulatory compliance has focused people on policy management, and having been focused on in that, many people have said it’s probably a good idea to apply this to other areas,” said Peter Christy, co-founder of the Internet Research Group.
Companies are changing their security methodology from spot security of the individual machines to holistic security, or network-wide security. The major impact of Sarbanes-Oxley compliance is to demand to know what your system is really doing, which is essentially the same issue when it comes to virus and spyware issues.
“Security risk management is emerging as one of our highest-growth opportunities. This acquisition will help us develop the next generation of real-world security risk management solutions that customers are demanding,” said Kevin Weiss, president of McAfee in a statement.
Companies like McAfee and Symantec have been working hard on what’s called policy-based security with a stronger sense of central management. These security companies are scrambling to bring together the pieces they need to be a broad supplier.
“The most important thing that’s happened is a realization among companies, catalyzed by regulatory compliance, that it’s actually important to know what your security system does rather than just be slightly familiar,” said Christy. McAfee has been one of the more aggressive companies in that regard, he said and has always had a strong policy-based offering.
The transaction is expected to close in the fourth quarter of 2006.