Blue Coat has been expanding ever since its own acquisition by equity firm Thoma Bravo for $1.3 billion in December 2011. This year it has already bought Crossbeam Systems and Netronome Inc. Today it has announced an agreement to buy Solera Networks for an undisclosed sum. Informal discussions between the two company CEOs (Greg Clark at Blue Coat and Steve Shillingford at Solera) apparently began a year ago, initially to explore ways of working together. This has now firmed into an acquisition expected to be completed by the middle of next month.
The combination of the two companies makes security sense. Blue Coat’s expertise is in protecting its customers from threats on the web: it quickly recognizes and blocks malicious websites. While necessary and important, this approach on its own suffers from one major weakness – it has little visibility on any threat that manages to get inside the perimeter and on to the network. Advanced and targeted threats have little difficulty in doing this.
Solera’s expertise is inside the perimeter. Here there are two basic approaches that can be taken: alert-based security such as that provided by SIEM systems, and intelligence-based systems based on network analytics. Solera is of the latter. Solera’s DeepSee software uses deep packet inspection to analyze network traffic and build a timeline of suspicious activity. Since there is, in advanced attacks, often a latency between infiltration and data exfiltration, DeepSee attempts to prevent damage inside the perimeter for any attack that Blue Coat on its own did not stop outside of the perimeter.
"So, fundamentally, [when] you put Solera’s capabilities [in] advanced malware detection and [its] security analytics [together] with all of the intelligence that Blue Coat is capturing on the Internet, you get their peanut butter and our chocolate combination, which is pretty exciting to both companies," Shillingford said (as reported in Salt Lake Tribune).
“Today’s approach to securing the enterprise is missing an essential element,” explains Clark: “the ability to defend, react and resolve security issues by efficiently mining a very large dataset of network history to gain previously unavailable insights. The future of the industry is moving beyond just blocking malware and stopping targeted attacks to also identifying and resolving the full scope of the attacks in real time. Retrospective capture and analytics are now an essential component of modern security architecture,” he added.
The peanut butter and chocolate view is not lost on Charles Kolodgy, research vice president, security at IDC. “Traditional security solutions are becoming obsolete against today’s advanced threats, as evidenced by constant stories announcing data breaches,” he said. “Discovery and prevention of emerging threats has become one of the most critical priorities for C-level executives. Bringing together Solera’s innovative security analytics capabilities with Blue Coat’s comprehensive Web intelligence should allow customers to fully monitor and enforce countermeasures on networks constantly under attack.”
Solera, together with Netronome, will become part of Blue Coat’s Resolution Center – one of five new technology centers announced today.