McAfee to buy Foundstone

Officials at McAfee Inc., known for its antivirus software and intrusion-prevention systems, are now adding vulnerability management to the company's arsenal of security offerings.

Officials at the Santa Clara, Calif.-based company said last week that they intend to buy Foundstone Inc., a maker of vulnerability management hardware, software and services, for $86 million.

The acquisition would enable McAfee officials to offer a comprehensive set of risk management and prevention products that information technology managers can use to protect their organizations and agencies against cyberattacks, according to company officials and industry analysts.

"The perception of McAfee is that we are an antivirus vendor," said Robin Matlock, senior vice president of field marketing at McAfee. However, "we are proving that we are much bigger than antivirus. We [can offer] a proactive and preventive approach to security."

With the acquisition of Foundstone, Matlock added, "we can offer sophisticated risk management and mitigation of risks through [our] intrusion-prevention portfolios."

Vulnerability management hardware and software help IT managers identify which systems are targets for attacks and intrusions. The software also recommends appropriate actions they can take to fix problems.

Foundstone and Qualys Inc. are the leading providers of vulnerability assessment services, according to Pete Lindstrom, research director for Spire Security LLC.

McAfee officials are making a good move by acquiring Foundstone, he said. The combination of the two companies' products will give users a more comprehensive ecosystem for network security, he added.

McAfee's vulnerability assessment products and services will give administrators more information about their organizations' infrastructure so they can regularly update the access control points in the network, Lindstrom said. They can then take the information generated by the vulnerability scanners and create rules for blocking attacks for the intrusion-prevention systems to follow, he said.

McAfee officials will initially sell the Foundstone vulnerability management solutions as stand-alone products until they can be integrated into the McAfee product line, Matlock said. The transaction is expected to be completed in the next 60 days, she added.