We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

BeyondTrust eyes app security with eEye acquisition

BeyondTrust has acquired partner eEye Digital Security, taking in-house the application security features BeyondTrust sold with its privilege management software.

BeyondTrust announced the purchase Wednesday without releasing financial details. The 100-employee eEye will be absorbed into BeyondTrust, including management. The combined company will have 250 employees and 2,000 customers.

BeyondTrust sells software that controls the applications and other assets an employee has access to on a corporate network. Being able to set and monitor employee privileges keeps workers from data they shouldn't have access to, while also establishing an order that, if disrupted suddenly, could indicate someone from the inside of an organization is seeking unauthorized access to information.

Once access rights are established, the next logical step is to make sure applications employees are using have been updated to the latest version and are not carrying any malware. That's where eEye comes in.

EEye provides a software console for vulnerability analysis and reporting. The company also sells antivirus software for intrusion prevention. The antivirus software includes real-time alerting.

One of the smallest companies in the endpoint protection platform market, eEye has a limited presence outside North America and in organizations of more than 500 employees, a recent report from Gartner said.

The product also lacks data encryption and data loss prevention capabilities and only supports Windows desktop and server platforms, which mean organizations with Macs and specialized servers, such as those for Microsoft Exchange and SharePoint, are out of luck.

BeyondTrust plans to spend some money beefing up eEye's technology. Chief Executive John Mutch said he planned to spend more than a quarter of revenue on research and development dedicated to the companies' joint product lines.

While vague on the combined company's future plans, Marc Maiffret, who went from chief technology officer of eEye to CTO of BeyondTrust, said Thursday he planned to take an "operationally-focused approach" in helping customers tighten security. This approach includes improving capabilities for automated patching of software, for privilege management, and for making and monitoring configuration changes to servers, desktops and laptops.

One application-security model BeyondTrust didn't plan to focus on was whitelisting. Such an approach would give customers' employees access only to applications vetted by BeyondTrust or a third-party. Other security vendors, including Bit9, McAfee and Lumension, are moving in that direction.

"What we primarily found is that the blacklist/whitelist model is generally not really as secure a model as the fine-grain delegation of privilege that we present," said Jim Zierick, executive vice president of product operations at BeyondTrust. "It's too coarse. It's either a yes or no answer."

Under the current BeyondTrust system, an employee has to get permission from IT staff in order to download an application. Gartner analyst Peter Firstbrook said such an approach can be too restrictive.Ã'Â "We found out a long time ago that locking people out, even though it keeps your environment relatively pristine, doesn't lower your costs. It increases them," Firstbrook said. "It's good for security, but it's not that practical."

BeyondTrust could take whitelisting a step further by letting customers choose which apps employees can download, depending on their jobs, Firstbrook said. BeyondTrust would tap eEye to make sure downloaded applications are kept up to date. Running older versions of applications leaves them vulnerable to attacks, because the software lacks the latest patches.

Read more about application security in CSOonline's Application Security section.

IDG UK Sites

Spotify launches on PS4 as Tidal arrives on Sonos: It's Tidal vs Spotify music streaming

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Adobe Comp CC iPad app review

IDG UK Sites

April Fool's Day pranks: play these geeky pranks on April Fools Day and fool your friends