Blue Coat To Acquire Solera Networks For Threat Intelligence, Analytics

The Sunnyvale, Calif.-based security appliance maker said it plans to add Solera to its portfolio. Solera sells a DeepSee network monitoring platform, which has been popular with computer forensics teams who praise the performance of its core processing engine. It acts as a network recorder, providing security analytics and forensic capabilities to trace a breach to the source.

[Related: Head-To-Head: Symantec Vs. McAfee In Endpoint Protection ]

"Solera is a DVR for the network that records traffic and enables customers to easily search and access that information," Greg Clark, CEO of Blue Coat, said in a statement. "By utilizing analytics to determine the root cause of the security breach, Solera can proactively provide real-time threat protection."

Blue Coat, once a publicly traded company, was acquired last year by private equity firm Thoma Bravo for $1.3 billion and has been reshaping its product strategy around large enterprise deployments.

Blue Coat sells proxy appliances designed to protect endpoints by acting as the central point to control employee Internet use. The company sells an appliance for large enterprises that provides URL filtering, controls scripts and monitors digital certificates and antimalware via third-party antivirus engines. The company also has a cloud-based secure Web gateway service it calls WebPulse that tracks malware networks and provides antimalware protection from attacks, mainly financially motivated cybercrime, emanating from those networks. The company provides application traffic control and WAN optimization as well.

Blue Coat said enterprises could combine DeepSee software and appliances for rapid response and recovery from an attack or security breach. The company plans to combine attack and incident data collected from Solera customers with its WebPulse service to provide faster and more complete protection. The company claims the combined service includes data from 15,000 companies, including 86 percent of the Fortune 500.

Combined with security analytics, Solera's software could help organizations mitigate zero-day threats and attacks that use more sophisticated malware, said Steve Shillingford, CEO of Solera. The company has been transforming its appliance into a real-time network monitoring platform that businesses can use to contain attacks before they become a serious problem. Both companies use an open architecture, designed to integrate with third-party products including HP-ArcSight, Sourcefire, Splunk and FireEye.

Blue Coat's focus has been on combining security with operational efficiency and throughput, said Wendy Nather, research director of the enterprise security practice at 451 Research. Under Thoma Bravo the company has been building out network functionality, Nather said.

For example, Thoma Bravo acquired Crossbeam Systems in November. Crossbeam is seen as a high-end network security appliance for data center deployments. It combines unified threat management capabilities, firewalling, and intrusion prevention and detection systems from a variety of vendors. One month later, Thoma Bravo integrated Crossbeam into Blue Coat's portfolio.

"Blue Coat was previously only about enterprise protection and now this is part of its much broader network play," Nather said. "If you want to get into deep inspection and network forensics, you need something like Solera."

The acquisition makes sense for Blue Coat, which is getting pressure from a number of security firms that provide integrated perimeter protection, including next-generation firewall makers, said Mike Rothman, analyst and president of research consultancy Securosis. The acquisition is more confusing from Solera's standpoint, Rothman said.

Solera's deep packet analysis engine was highly praised, making it an acquisition target from a larger firm, such as McAfee, IBM or HP, Rothman said. Some security experts thought McAfee, an Intel subsidiary, would make a move to buy Solera. Intel's financial arm had invested in Solera last year.

"I think it underserves the strategic need for what being able to analyze packets means from a security management standpoint," Rothman said.

Blue Coat also unveiled a five-pronged approach for security that includes policy enforcement, mobile security, application security, performance and data breach resolution. The company unveiled an Application Classification Service and Application Controller to monitor and identify potentially malicious applications. Blue Coat said the service provides dynamic application classification and comprehensive application profiles.

PUBLISHED MAY 22, 2013