Microsoft hopes to harpoon Whale to help enterprises beef up security for Web applications and mobile devices.
Microsoft Corp. of late announced that it has signed a definitive agreement to acquire Whale Communications Ltd., a leading provider of secure access products, including secure sockets layer (SSL) virtual private networks (VPN) and Web application firewalls.
The acquisition would bulk up Microsoft’s recently formed Security, Access and Solutions division. It is meant to broaden Microsoft’s security offerings and give its customers more options in providing secure access to their networks from more locations and devices, Microsoft said in a statement.
Whale, based in Fort Lee, N.J., makes technology including Secure Socket Layer Virtual Private Network (VPN) software and appliances, which let businesses give secure remote access to their networks. Rivals in the space include Cisco Systems, Juniper Networks, Aventail and Citrix Systems.
Whale specializes in providing Secure Sockets Layer VPN appliances as well as Web application firewalls to help companies protect themselves against SQL injection attacks. Whale’s Intelligent Application Gateway SSL VPN is expected to complement the security and access capabilities already built into Windows Server and Microsoft’s Internet Security and Acceleration, or ISA, server.
In addition, Whale’s solutions provide remote access, deep content inspection and granular access control, enabling businesses to protect corporate applications and data when accessed remotely by mobile workers, partners and customers. The acquisition will give Microsoft’s customers a broader range of choices for providing secure access from more locations and devices.
The acquisition gives Microsoft access to some key technology: application optimizers for Outlook Web Access, SharePoint, IBM Lotus Domino, Lotus Domino Web Access, SAP Enterprise Portal, and EMC Documentum Webtop. One function of these application optimizers is to inspect and validate data as it is inputted into Web applications, a step that is critical for blocking SQL injection attacks, which are initiated when an attacker enters code into a Web data field that tricks a login screen into providing unauthorized access to sensitive information.
“SQL injection attacks are at the foundation of the case against Eric McCarty, a 25-year-old network administrator with Cisco and Microsoft certifications facing up to 10 years in federal prison for allegedly damaging the University of Southern California’s online application system. He allegedly used SQL injection attacks in a June 2005 unauthorized penetration test of USC’s Web applications. He is accused of extracting data from an SQL database containing Social Security numbers, birth dates, and other information for more than 275,000 USC applicants since 1997.“
Together, these technologies offer remote workers simplified access from more locations and a broader range of managed and unmanaged devices, including PCs, Internet kiosks and mobile devices. When used with Windows services such as Active Directory, the solution enables IT administrators to better control and enforce information usage guidelines through customized policies based on device, user, application or other business criteria.
Microsoft does not currently have an SSL VPN product, but does have some security access technologies. "That is what this announcement is about; we are trying to bridge the gap between security and access," Steve Brown, a director of product management at Microsoft, said in an interview.
“Our customers are faced with balancing the need to protect their data and network infrastructure with the connectivity needs of an increasingly mobile work force, said Ted Kummert, corporate vice president of the Security, Access and Solutions Division at Microsoft.”
The acquisition of Whale’s complementary technologies is a key part of meeting that commitment. Whale is a pioneer in Windows-based SSL VPN and Web application firewalls that help protect and provide more secure access to high-value business applications while tightly integrating with critical IT infrastructure.
We are committed to providing a comprehensive secure access platform that helps customers easily extend and manage the reach of their information systems.
As part of Microsoft’s Security, Access and Solutions division, formed earlier this year, Whale’s technology will join other security products Microsoft has acquired, including Antigen for Exchange, Antigen for SMTP Gateways, Antigen Spam Manager, and Antigen Enterprise Manager, which Microsoft acquired along with Sybari in June 2005. The Security, Access and Solutions division, led by Kummert, also offers anti-virus software from Romanian acquisition GeCAD Software and anti-spyware software from Giant Company Software.
Microsoft has been building a security business. The software giant has made several security-related acquisitions, including ID management company Alacris last September and hosted e-mail security provider FrontBridge last summer. Next month, the company is slated to start selling Windows OneCare Live, its first consumer antivirus product.
Analyst firm Gartner rates Whale as "visionary" in the SSL VPN space because it has gone further than other vendors in developing special optimizations for applications, including Microsoft’s SharePoint and Outlook Web Access, as well as IBM’s Domino products, according to a Gartner report published in December.
"We built our company and technologies around the key customer requirement of secure, anywhere, anytime remote access to business applications," said Roger Pilc, CEO of Whale Communications. We are excited about what this acquisition will mean for our customers given Microsoft’s focus on providing policy-based secure access to information assets from beyond the corporate network.
Enterprises, both large and small, are looking for easier, more flexible, secure remote access options, said Charles Kolodgy, research director for the Security Products program at IDC. This acquisition means customers will have a compelling offering from Microsoft that brings together the benefits of application protection, platform integration and broad access.
Whale has been a Microsoft partner since 2002, and the company started reselling ISA Server in December 2005. Whale will maintain all current operations until the close of the transaction, Microsoft said. The deal is subject to regulatory approval.
Microsoft hopes to close it in the "next couple of months," a company representative said. Terms of the deal were not disclosed.
Microsoft declined to comment on an Israeli news report that it paid $75 million for Whale, which has engineering operations in Israel.