FireMon Buys Risk Analysis Firm, Plans To Add Government VARs

Solution providers partnering with security operations firm FireMon could be targeting new markets and new audiences after the company acquired risk analysis firm Saperix Technologies last week.

The acquisition will give FireMon a leg up over its competition with access to Saperix's risk analysis software, designed to quantify risk for enterprise organizations by generating accessible graphs that clearly identify the most critical threats attacking the company's network and subsequently the most effective security measures to combat them.

FireMon founder Gary Fish, also founder and CEO of long-established security solution provider FishNet Security, based in Kansas City, Mo., said that the time was right to acquire a new technology that would give them a competitive edge in the security operations and management space against companies like Tufin, AlgoSec and SkyBox.

"That space had gotten a little crowded since we pioneered that space. We were looking to grow that company. We started looking for an acquisition in what I call adjacent technologies that would fit our mission in security," Fish said. "The general message is, we're not content with FireMon being a small software company. We're looking to grow that."

The newly acquired software produces an accurate and automated risk assessment, predicts the most salient and dangerous threats posed by zero-day attacks, identifies the most effective remediation tactics, and evaluates company security policies and vulnerability data. It then correlates all that data and "paints a picture of the network," Fish said, by generating user-friendly attack graphs that simulate vulnerabilities while providing countermeasures to mitigate them.

Fish said that the Saperix software, while sophisticated, had yet to be primed for commercial use, lacking loaders, installers and other enhancements to the GUI. A product rollout integrating Saperix technology has been in the works for about a month and is expected to officially launch some time in June once those features are added, Fish said.

Meanwhile, Saperix executives maintain that the acquisition was necessary to ensure the company's reach and growth, while providing a comprehensive product that could house the technology and be brought to market.

"The Saperix software is proven technology. But to grow that technology into a complete risk analysis solution, we needed to incorporate device-specific knowledge and operational capabilities," said Stephen Boyer, Saperix CEO, in a statement.

FireMon, formerly Secure Passage, seemed to fit the bill with its firewall policy, risk and compliance management products.

In general, FireMon partners currently target security administrators with its flagship Security Manager, a security operations and management tool designed to simplify and automate analysis configuration and change management processes.

However, Fish said that the addition of risk management technology embedded in future products will likely give FireMon partners the ability to sell to C-level executives as well as audit and compliance personnel.

"It gives us a new audience to sell to," Fish said. "That will help us sell up the food chain in an organization."

Next: FireMon Plans To Recruit Government VARs

The addition of Saperix, developed at MIT and initially dedicated to the government space, will also enable FireMon to expand its existing reseller base of 70 channel partners and target new and existing markets in the U.S. and Europe, particularly the U.K., Fish said. Already the company had signed on several new government resellers and planned to add on more, he added.

They're all efforts that he hopes will enable the company to keep its edge as it continues to grow, Fish said.

"We want to differentiate ourselves so it's not a pricing game," Fish said. "We see that a lot. Competitors are willing to compete on price. I just choose not to go there. I'd rather build a really good company and a really good product."