Symantec Thursday announced it has entered into an agreement to acquire start-up WholeSecurity, maker of behavior-based security and anti-phishing products. The value of the deal was not disclosed.
Behavior-based software identifies malicious code, including Trojans, viruses and worms, by its behavior on computers, such as attempting to access a registry. This is in contrast to the more traditional signature-based method of identification, which looks for an exact match with attack code. While behavior-based software sometimes lacks the accuracy of signature-based approaches, the main advantage is that it can block malicious code in the early stage when before it's fully analyzed.
"It's the zero-hour protection," says Brian Foster, senior director for product management at Symantec, about why Symantec wants to acquire WholeSecurity's technologies. "We'll continue to sell WholeSecurity's standalone products."
In addition, Symantec envisions combining WholeSecurity's behavior-based software with technology from Sygate, which Symantec is also in the process of acquiring. Sygate makes policy-enforcement and desktop firewall software that ensures security policies, such as use of VPN, anti-virus or patch updates, are followed.
"In the future, we see combining both into a single product for host integrity, perhaps with our Symantec anti-virus and Client Security products," says Foster.
WholeSecurity offers products that include Confidence Online for Corporate PCs, Confidence Online Phish Finder, and Confidence Online for Web Applications, which can scan a remote machine that doesn't have a behavior-based agent on it to clean or block infected computers from gaining access to Web applications. WholeSecurity customers include eBay, Deutsche Bank and Visa.
The company was launched by Tony Alagna in 2003 with US$8.5 million in venture-capital funding from Venrock Associates and New Enterprise Associates.
The acquisition by Symantec is expected to close in October.