IDS Feeding Frenzy Continues
The deal, which is expected to be completed within 45 days, is the latest in a string of startup acquisitions in this market. Last summer, NetScreen Technologies Inc. (Nasdaq: NSCN) acquired IPS startup OneSecure (see NetScreen Acquires OneSecure), and Cisco Systems Inc. (Nasdaq: CSCO) has recently bought two IDS-related startups, Psionic and Okena (see Cisco's Serious About IDS).
"There has definitely been a feeding frenzy around IDS... hardware, software, network, host... it all seems hot from an acquisition standpoint," writes Infonetics Research Inc. analyst Jeff Wilson in an email. "I think it is pretty clear that most networking and security vendors see that IDS/IPS is the next major growth area in security, so they are all trying to round out their offerings in that area."
"We feel that [the acquisition] very much validates what we did six months ago with the acquisition of OneSecure," says Chris Roeckl, NetScreen’s director of corporate marketing.
Although the network security market is still dominated by older technologies such as firewalls and VPNs, a recent study by Infonetics shows that the market for intrusion detection and prevention systems (IDS/IPS) will experience explosive growth over the next couple of years (see Report: IDS Takes Flight). While this market had revenues of just $382 million in 2002, the Infonetics forecasts that revenues will more than quadruple – to $1.6 billion – by 2006.
The enormous potential of this market could explain why Network Associates would want to write a whopping $100 million check for a private company with a mere $37 million in funding to date. Most observers agree that IntruVert is a good buy. Since launching its IntruShield 2600 and 4000 products less than a year ago, the company has amassed nearly 20 paying customers, including Prudential Financial, Inc. and HomeBanc Mortgage Corporation, and has won several industry awards and tests (see IntruVert Protects HomeBanc Mortgage and IntruVert Wins Security Test).
"IntruVert has a pretty decent product," says Frost & Sullivan analyst Jason Wright. "There are some really great technologies coming out of that place."
While traditional intrusion detection technologies have been around for a while, increased interest in the technology was spurred when it evolved from simply detecting intrusions to being able to actively prevent them. An active prevention system that constantly informs the firewall of what to block and what not to block wasn't possible before, since legacy IDS technologies turned up too many false negatives and interfered with good traffic. With no way of checking every alarm, systems administrators often decide to shut off the IDS system altogether.
Recently, however, companies like IntruVert, OneSecure and TippingPoint Technologies Inc. have produced technologies that they claim solve the false-alarm problem. "We have a technology that combines multiple ways of detecting intrusions and attacks. They feed into each other and create a comprehensive solution," says IntruVert CEO Parveen Jain, pointing out that the IntruShield 2600 and 4000 feature signature detection, anomaly detection, and denial of service detection, all at multi-gigabit speeds. This, he says, ensures that the red light only starts flashing when truly malicious traffic is trying to get into the network. "We offer very comprehensive attack-coverage."
Regardless of whether IntruVert and its competitors have actually solved the accuracy problem that has plagued the IDS space, Frost & Sullivan's Wright says it will still take a while for customers to trust the technology enough to actually switch on the automated prevention feature. "Marketwise, IntruVert was a company kind of ahead of its time," he says. "The market, generally speaking, hasn’t accepted this technology." He points out that only about half of IntruVert’s customers have deployed the prevention function of the technology.
Sandra England, Network Associates’ executive vice president of corporate development and strategic research, acknowledges that it could take a little while to build the customers’ trust in the technology. "The technology will have to prove itself," she says. "Most people will install the devices in the beginning simply as a detection technology. Then, when they’re comfortable with the technology, they’ll move to inline blocking… I think it will quickly prove itself."
While most observers agree that IntruVert’s IDS/IPS platform is a good one, not everyone understands how the company’s technology will fit into Network Associates’ portfolio, which is dominated by antivirus and sniffer software technologies.
"They don’t really have complementary technologies," Wright says. "They’ll have to rely heavily on the leadership of [IntruVert] to move the development forward… I think it’s a little bit of a mismatch."
Not everyone agrees, however. "Between their role in overall network management and the capability of the Sniffer products, IDS makes good sense for NA," Infonetics' Wilson writes. "I would assume they even considered building IDS products internally."
NA says it will continue selling IntruVert's gear as standalone products for now, but it expects to gradually integrate it into its management platform. By late 2004, England says, IntruVert's technology will become the platform used for all of NA’s hardware offerings.
Competitor NetScreen, however, says that while the standalone IDS/IPS boxes IntruVert produces should sell well to begin with, NA is sure to hit some snags as the market continues to evolve. "We ultimately see the firewall and intrusion detection/prevention markets merging," Roeckle says. With no firewall offering, NA will have a hard time keeping up with the market demand, he insists.
NA says it plans to retain most of the approximately 80 employees currently working at IntruVert. "We value the employees very much," England says, although she admits that "Where there are redundant functions, we’ll take a look if it makes sense to reduce headcount."
— Eugénie Larson, Reporter, Light Reading