Security and Risk Management Strategies Blog

Blogger: Trent Henry

It's official: Symantec is buying Vontu.

Burton Group started covering content filtering solutions in 2003, when the solution space was very new. As filters branched into both the network and endpoint, watching for content-in-motion as well as content-at-rest, we began to see the term data leakage prevention (or protection) applied. Recent DLP solutions have brought improved linguistic analysts capabilities that we hadn't effectively seen before.

Although the broader industry long questioned the value of DLP tools, Burton Group felt that--although immature--such technologies completed an important part of the information protection portfolio. Specifically, they served as the detective counterpart to preventive data controls like encryption and access/authorization management. And, now that DLP tools have four years of development under their belt, they also have preventive elements.

We've illustrated the desirability of leakage prevention in our latest update to the content-control templates in Burton Group's Reference Architecture. Here's a simplified snapshot for data-in-motion:

(Although many tools can play a role in protecting content, note the highlighted role of network- and host-based filters.)

In addition, these tools are are moving beyond confidentiality protection to address other security objectives. For example, some are playing a role in finding sensitive information at rest, which can be important not only for data protection but also for business requirements like e-discovery. Note the increasing sophistication of the architecture, with tools playing a role in retrospective information classification and analysis:

This week marks the latest in a flurry of acquisition activity in DLP. Symantec, whom we've been saying lacked this important element in its product suite, snapped up Vontu for $350 million (or, more accurately, announced plans to do so). Of the vendors covered in our original network content filtering report, here's the acquisition scorecard:

• Vontu - (to be) bought by Symantec
• Oakley - bought by Raytheon
• Provilla - (to be) bought by Trend Micro
• Tablus - bought by EMC/RSA
• Onigma - bought by McAfee
• Port Authority - bought by Websense
• (Another forgotten acquisition was AmikaNow by Entrust, which later was abandoned)

In keeping with Burton Group's notion of the "long tail of risk" (a version of which can be found on ZDNet), we're seeing these small, innovative companies satisfy an architectural gap in bigger-vendor products. Acquisitions are the means of normalizing the preventive/detective portfolio for data protection. If the acquiring companies execute well--and we have some suggestions for them on this front--then the result will be better information security platforms for enterprises.

The bottom line? We like this acquisition. It makes a huge amount of sense for Symantec in filling out its strategy around information-centric security. By providing capabilities to protect content in motion and to keep an eye on sensitive data at rest (like information stored in Enterprise Vault), Vontu helps satisfy a pressing architecture need.