WebSense to offer security inside and out

Security vendor integrates internal and external threat protection

Having made two acquisitions within the last year, Web security vendor WebSense is expanding rapidly into e-mail security and data-leak prevention.

A year ago, WebSense was another company competing in the crowded market of hard-to-distinguish Web security offerings.

Today, with two recent acquisitions, the company has added e-mail security and data-leak prevention to its portfolio. If the integration of these three product types is done correctly, analysts say WebSense stands to make a meaningful distinction in the muddled security market.

WebSense on Wednesday announced the completion of its $400 million acquisition of SurfControl, which develops e-mail security products and services. Late last year WebSense acquired Port Authority, makers of data-leak prevention products, for $90 million.

With this combination, observers say WebSense has a good story to tell, assuming the company can elegantly integrate products from the three areas.

“They’ve got a lot of good property and they are positioning themselves nicely, but they’ve got a lot of integration work to go,” says Peter Firstbrook, research director, with Gartner’s information security and privacy group. “But they’ve got to move really quickly, no one is sitting still and there’s lots of converging players in this space.”

In July WebSense announced it had integrated Port Authority’s content protection suite with its ThreatSeeker Web security product, and is currently fusing features from SurfControl’s e-mail security technology as well.

Combining Web filtering with e-mail protection isn’t new; many competitors do it in one form or another, including Cisco’s IronPort, Symantec, McAfee, Trend Micro, Secure Computing, Google’s Postini, and many others.

And adding insider-threat protection to a perimeter security product has also been popular lately, whether it be in the form of monitoring employee actions or scanning outbound communication against a dictionary of sensitive terms to ensure that confidential information isn’t leaking out of a company.

But in the case of Port Authority, WebSense has the advantage of now owning a relatively mature offering that works to protect against data leaks at both the network and endpoint level, instead of having to develop these additional security features from scratch.

Leo Cole, WebSense’s director of marketing, offers the example of security giant McAfee, which acquired data-loss prevention vendor Onigma last year and launched its first product in this space in February; that product only protects data at the endpoints.

“There’s certainly movement in the market toward” integrating security functions for internal and external protection, Cole says. “It’s the combination of what you know about your employees combined with what you know about malicious activity on the Internet…we’re the only company that can set granular policies and enforce them around information protection.”

Gartner’s Firstbrook points out that SurfControl was not a leader in the e-mail security market when WebSense acquired it, referring to the bought vendor’s technology as somewhat “old school.” However, SurfControl earlier last year purchased Black Spider, adding e-mail security services that are becoming increasingly popular with enterprises to its offerings. WebSense plans to leverage that base to offer some of the data-leak prevention capabilities it gained through the Port Authority acquisition as a managed service as well, Cole says.

WebSense is telling this story of unified threat protection from external and internal sources to its existing customer base – which the company says totals more than 50,000 organizations following the SurfControl acquisition – and to lure other customers away from vendors of so-called point products that only address one type of threat. But in this sea of data-leak prevention start-ups, customers may be attracted more by the fact that WebSense is an established company than anything else, says one analyst.

“Users would rather have a less-efficacious product from a company they trust to be around than a better product from a company who’s financially questionable,” says Nick Selby, director of The 451 Group’s enterprise security practice. “If you’re buying from a WebSense or McAfee, chances that those companies will be around in three years are pretty high.”

Learn more about this topic

Websense makes US$400M bid for SurfControl


Websense announces deal to buy PortAuthority


SurfControl adds managed services to security suite


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.