Sophos Ltd. today made a move into the network security space by announcing its intention to acquire Astaro GmbH & Co. KG. Traditionally an endpoint protection company, Sophos has branched out, via acquisitions during the past five years to offer a deeper portfolio of products that includes encryption, application control, data protection and network access control. Terms of the deal were not announced.
The security landscape is getting nastier too, and smaller companies realize having basic protection or none at all doesn’t cut it.
Arabella Hallawell, vice president of corporate strategy, Sophos Ltd.
Astaro specializes in network security hardware, software and virtual appliances for SMBs and midmarket organizations. Its Astaro Security Gateway products serve small shops of 10 or fewer employees, all the way up to 5,000, and provide integrated network security offerings including VPN, firewall and intrusion prevention technology.
Unified threat management, Astaro’s primary business, is attractive to the midmarket because of its form factor, ease of management and relative costs compared to buying individual best-of-breed products. IDC puts the UTM market at $2 billion worldwide for 2010.
According to a Sophos press release, Astaro did $56 million worth of business last year and had 30% year-over-year growth, making it the fourth largest UTM vendor. Astaro has more than 200 employees, and is based in Karlsruhe, Germany, and Wilmington, MA.
More on Sophos:
Sophos integrates encryption into endpoint, email security:
Sophos Endpoint Security and Data Protection is the first software to integrate encryption from its acquisition of Utimaco in 2008.
Sophos sells majority stake to private equity group:
Apax Partners, a private equity investment firm, buys a majority interest in computer security vendor Sophos. Sophos is valued at $830 million in the transaction.
Strategically, the acquisition gives Sophos visibility into endpoint and network activity, data that can be centrally managed and reported. Sophos sees an opportunity to close a market and portfolio gap with the acquisition by eventually integrating Web and application security controls with network security, according to vice president of corporate strategy Arabella Hallawell. She said there currently is no coordination between endpoint and network security that provides visibility for respective admins and analysts into what’s happening on either platform.
Astaro’s Security Gateway products are its principal offering. Its three form factors, including a virtual appliance, combine firewall, IPS, denial-of-service protection and remote office connectivity via IPsec- and SSL-based VPNs. Astaro also offers log management and mail archiving, as well as a management console.
“If you look at some current IT trends, there are many more distributed worksites, especially the rate SMBs are adding remote sites is increasing quickly,” Hallawell said. “It becomes untenable to add more devices and locations. The security landscape is getting nastier too, and smaller companies realize having basic protection or none at all doesn’t cut it. We looked closely at this area and it became clear there was unmet need for better integrated security that includes Web and application security controls and policy controls.”
In the short term, expect to see Sophos incorporate its threat prevention technology, including real-time lookups on malicious websites into the Astaro gateways. In addition, some initial coordination between the two product lines could include some policy setting and reporting for events on the Astaro line integrated with Web filtering and malicious site detection and enforcement on the Sophos endpoint.