WebSense to offer security inside and out

A year ago, WebSense was another company competing in the crowded market of hard-to-distinguish Web security offerings.

Today, with two recent acquisitions, the company has added e-mail security and data-leak prevention to its portfolio. If the integration of these three product types is done correctly, analysts say WebSense stands to make a meaningful distinction in the muddled security market.

WebSense on Wednesday announced the completion of its $400 million acquisition of SurfControl, which develops e-mail security products and services. Late last year WebSense acquired Port Authority, makers of data-leak prevention products, for $90 million.

With this combination, observers say WebSense has a good story to tell, assuming the company can elegantly integrate products from the three areas.

“They’ve got a lot of good property and they are positioning themselves nicely, but they’ve got a lot of integration work to go,” says Peter Firstbrook, research director, with Gartner’s information security and privacy group. “But they’ve got to move really quickly, no one is sitting still and there’s lots of converging players in this space.”

In July WebSense announced it had integrated Port Authority’s content protection suite with its ThreatSeeker Web security product, and is currently fusing features from SurfControl’s e-mail security technology as well.

Combining Web filtering with e-mail protection isn’t new; many competitors do it in one form or another, including Cisco’s IronPort, Symantec, McAfee, Trend Micro, Secure Computing, Google’s Postini, and many others.

And adding insider-threat protection to a perimeter security product has also been popular lately, whether it be in the form of monitoring employee actions or scanning outbound communication against a dictionary of sensitive terms to ensure that confidential information isn’t leaking out of a company.

But in the case of Port Authority, WebSense has the advantage of now owning a relatively mature offering that works to protect against data leaks at both the network and endpoint level, instead of having to develop these additional security features from scratch.

Leo Cole, WebSense’s director of marketing, offers the example of security giant McAfee, which acquired data-loss prevention vendor Onigma last year and launched its first product in this space in February; that product only protects data at the endpoints.

“There’s certainly movement in the market toward” integrating security functions for internal and external protection, Cole says. “It’s the combination of what you know about your employees combined with what you know about malicious activity on the Internet…we’re the only company that can set granular policies and enforce them around information protection.”

Gartner’s Firstbrook points out that SurfControl was not a leader in the e-mail security market when WebSense acquired it, referring to the bought vendor’s technology as somewhat “old school.” However, SurfControl earlier last year purchased Black Spider, adding e-mail security services that are becoming increasingly popular with enterprises to its offerings. WebSense plans to leverage that base to offer some of the data-leak prevention capabilities it gained through the Port Authority acquisition as a managed service as well, Cole says.