Email archiving, encryption and storage provider Proofpoint is acquiring Armorize Technologies in a $25 million deal that adds software security scanning and cloud-based antimalware technology to the company's portfolio.
The acquisition is expected to close at the end of October.
Proofpoint, based in Sunnyvale, Calif., focuses on email security with its email security gateway, providing antispam, encryption and data loss prevention capabilities. The firm launched an anti-spearphishing platform to protect end users against targeted phishing email attacks last year.
Proofpoint CEO Gary Steele said in a statement that the acquisition made sense since it was using Armorize's technology in its Targeted Attack Protection product. "Acquiring Armorize solidifies Proofpoint's leading position in cloud-based, next-generation threat detection technology and gives us full access to Armorize's world-class malware research expertise," he said.
Santa Clara, Calif.-based Armorize has had a team of about 35 researchers based in Taiwan led by Armorize founder and CEO Wayne Huang. The company was initially driven in 2010 by noted software security expert Caleb Sima, who founded SPI Dynamics and stayed on with Hewlett-Packard after it acquired SPI Dynamics in 2007. In addition to targeted attack research, Armorize focused on a software security platform for developers. In recent years, the company built out its sandboxing technology, which can inspect and block email and web-based attacks, said Mike Rothman, president and analyst at security research firm and consultancy Securosis.
Proofpoint appears to be buying Armorize's technology portfolio so competitors don't take out a key piece of Proofpoint's current capabilities, Rothman told CRN. Adding Armorize builds out Proofpoint's current sandboxing capabilities to inspect suspicious files in email messages or web-based attacks. Proofpoint paid a reasonable price for the control technology, Rothman said.
"Proofpoint built out a good business and has quite a bit of enterprise customers," Rothman said. "Email is still one of the prominent attack mechanisms out there, and the ability to use a sandbox and scrutinize files so end users don't hurt themselves or the company they work for is a good one to have."
Armorize's static and dynamic analysis engine used for software security vulnerabilities is combined with Armorize's HackAlert line of products for website monitoring, vulnerability assessment and code security. In a blog post announcing the acquisition, Huang said the decision to sell the company helps get its core technologies to a broader audience. He said far too many companies are relying on outdated measures to protect systems against malware, including standard antivirus products. Advanced persistent threats (APTs) use spearphishing and sometimes custom malware to defeat detection technologies, he said.
"Our new platform is focused on detecting 'next generation attacks,' and it doesn't just include APT," Huang wrote. "For example, an important APT requirement is to focus on the attack scope. To reduce exposure and prolong attack lifespan, APT attacks limit the delivery scope and focus only on desired targets."
PUBLISHED AUG. 9, 2013