McAfee Buyout of Sentrigo Sends Database Security Market In New Direction

  /     /     /  
Publicated : 22/11/2024   Category : security


McAfee Buyout of Sentrigo Sends Database Security Market In New Direction


Database security isnt just for database companies anymore, observers say



McAfees announcement this week that it would buy database security monitoring firm Sentrigo proves that database security is becoming a more integral part of broader enterprise security solutions -- and not just those offered by database vendors.
Most of the previous acquisitions were mainly by database vendors -- except for Symantec, which did try to build its own database security solution three years ago, but it failed to sell, and they had to kill the product line, says Forrester Research principal analyst Noel Yuhanna, who believes McAfee made a wise move in buying instead of building.
Most recently the database security mergers and acquisitions market has been dominated by big deals from companies such as Oracle and IBM who have picked up database security companies to augment their existing database management system (DBMS) platform offerings.
Oracle recently released its Oracle Database Firewall based on the 2010 purchase it made of standalone player Secerno. While the release supports multiple DBMS platforms, it was particularly targeted to augment Oracles platform positioning.
Meanwhile, following IBMs 2009 acquisition of Guardium, the company worked to align Guardium with its in-house database and mainframe offerings. Last fall IBM released expanded mainframe transaction monitoring and vulnerability assessment for DB2 on the mainframe, an upgrade that was helped along by the added Guardium expertise.
In McAfees case, this acquisition is instead about completing an overall data security architecture that would be incomplete without database security.
McAfee is known for security when it comes to email, network, Web, and data. But an area they have never ventured out into has been databases, and this acquisition jump-starts this area -- which makes sense since they lack the expertise. McAfee wants a bigger piece of the data security and GRC [governance, risk, and compliance] market, and without database-level security that cannot be achieved.
Yuhanna believes that McAfees entrance into database security market stands to bolster a rapidly ascending security niche. He estimates that the $650 million market stands to double over the next four years.
According to some,
McAfees choice of Sentrigo over larger players in the database activity monitoring (DAM) market
was a bit of a surprise. However, because Sentrigo was the OEM provider of McAfees database security product and Sentrigos technology is integrated into McAfees e-Policy Orchestrator (ePO), the choice makes sense, experts say.
According to Yuhanna, Sentrigo likely offered a better acquisition price than the other players, as well. I think McAfee played their cards right because they did pick a strong DAM vendor, probably at a very attractive price. Imperva and Application Security would have been more expensive, he explains.
McAfee officials say that while ePO integration certainly played a factor in the decision to go with Sentrigo, it was the technology and people that sealed the deal.
[Sentrigo is] not the biggest currently, but from our perspective they had the best technology, the best vision, and the best people, says Martin Ward, senior director, risk and compliance product marketing, for McAfee. We didnt buy Sentrigo just because it fits into ePolicy Orchestrator. The technology itself is hugely differentiated. Of course, we will use ePO as an advantage because anyone designing security for a data center is not going to be thinking only about the databases.
Sentrigo is being integrated into McAfees GRC business unit, which offers a broad array of security capabilities for the enterprise. McAfee, itself, was recently acquired by Intel, which makes an even wider range of enterprise IT products.
Ward says McAfee was attracted by Sentrigos ability to complement the McAfee GRC teams vulnerability and risk management operations, as well as its compliance strategies.
They complement the vulnerability and risk management stuff by bringing in the vector for databases. Same thing on compliance -- they have database activity monitoring, which fits right into our continuous compliance strategy, Ward says.
While the addition of database security to the overall GRC stack makes sense within McAfees strategic framework, its previous lack of experience in the insular world of database management could be more difficult to overcome than it thinks, says Josh Shaul, chief technology officer at AppSec
It really is the first time a big security company has made a foray into the database security space, at least in the recent past, Shaul says. IBM purchased database security vendor Guardium and data analytics vendor Netezza in separate deals in 2010.
I think the real challenge that McAfee will face is bridging the gap between their traditional market of information security teams and the database administrators that you have to be very close with in order to be successful in the database security space, Shaul says. Thats the hurdle for McAfee to overcome.
Overall, Shaul says his company is excited for the deal, and he expects McAfee will bring even more attention and marketing dollars to the database space, in general. However, the purchase of Sentrigo leaves both AppSec and rival Imperva as the last standalone DAM players in what was once a crowded field.
It leaves AppSecInc and Imperva as the big players who are strong enough to stand on their own for now -- but puts pressure on them to develop their strategic vision, which is a traditional depth vs. breadth challenge in the security space, says Pete Lindstrom, research director for Spire Security. I think [AppSecIncs and Impervas] capabilities are proven -- and now that we’ve done a round of application security acquisitions, the database space may be more attractive to acquirers. Database security solutions can be much more effective out of the box than application security tools, but they are much less sexy as well.
Forresters Yuhanna says he wouldnt be surprised to see either AppSec or Imperva snatched up sometime down the line. They have very good technology, and its just a matter of time that they will be acquired by a security or database security vendor, he says.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
McAfee Buyout of Sentrigo Sends Database Security Market In New Direction