McAfee buys whitelisting technology pioneer Solidcore

Published- May 20, 2009
By Anonymous

NewYork - Anti-virus software and intrusion prevention solutions provider McAfee Inc. has agreed to buy Solidcore Systems Inc., a Palo Alto, Calif.-based provider of dynamic whitelisting technology for $33 million in cash up-front and an additional $14 million if certain sales targets are met.


The deal, expected to be finalized by the end of June, will enable McAfee to offer whitelisting technology to a broader range of embedded devices, including ATMs, point of sale (POS) systems, multifunction printers, mobiles and other embedded devices, and Supervisory Control and Data Acquisition (SCADA) systems.

Whitelisting technology ensures that only pre-authorized software and code (i.e. known safe applications) can run on devices. This approach is an alternative to blacklisting or looking for either the signature or behavior associated with known bad applications, used widely in anti-virus scanners, intrusion prevention tools etc.

According to a McAfee official, whitelisting technology assumes importance especially at a time when the security of control systems at utilities that rely on SCADA technology has become a topic of concern over recent months, with anonymous Federal agents alleging that overseas intelligence agencies have hacked into the US national grid.

"The Solidcore acquisition will allows McAfee to offer products designed to mitigate against these types of attack, as well as arguably more pressing concerns about malware on retail sales terminals," the official said, adding that the acquisition will also allow McAfee to beef up its product portfolio in virtualization security, using Solidcore's technology for locking down virtual environments.

McAfee said it plans to integrate Solidcore's dynamic whitelisting and compliance enforcement technology with its existing compliance mapping and policy audit tools.

"Solidcore's industry-leading compliance and protection solutions will extend the current McAfee security portfolio beyond signature-based anti-malware with the addition of dynamic whitelisting and application trust technology," said Dave DeWalt, president and CEO, McAfee.

"Combined with leading McAfee anti-virus, anti-spyware, host intrusion prevention, policy auditing and firewall technologies, we will help customers more easily mitigate the risks associated with vulnerable or malicious applications downloaded by employees. Through this acquisition, we believe McAfee can expand its reach into new markets, secure new platforms and strengthen its hold as the leader in the $6 billion endpoint security market," DeWalt said.

According to Anne Bonaparte, president and CEO, Solidcore, the integration of Solidcore with McAfee "will provide customers with the highest level of system integrity and security across their physical and virtual environments, and allow customers to more quickly and easily meet the today's demanding compliance requirements."

"Today's complex threat landscape and evolving compliance standards require customers to go beyond a reactive, 'check-the-box' model for security and deploy preventive security that incorporates dynamic whitelisting," she said.

Solidcore's customers span across 40 countries, comprising over 100 financial institutions and more than 15000 retail store.

Good for mcafee...

Symantec and McAfee race to develop applications for iPhone

Published- May 18, 2009
By Sunita Bothra

Symantec and McAfee, the anti-malware giants are apparently in a race to develop applications for Apple’s iPhone.

Although the final form of application is yet to be finalized, but both security companies are keen on developing software for Apple’s popular phone.

Appearing to be very similar to Apple’s MobileMe service, Symantec’s concept also backs up user data to protect against the eventuality of a problem.

Although it monitored potential issues, but the company said that it would not be developing anti-virus software for the device.

Dave DeWalt, Symantec Rivals McAfee’s Chief Executive told media that an iPhone product was being developed, adding: “We are working on a much more comprehensive suite for the Apple family.”

“The more applications become available, the more the threat of security and the threat of identity and data loss is there,” he added.

For a better future!!

Solidcore Sells To McAfee

Published- May 18, 2009
At http://www.pehub.com/40115/solidcore-sells-to-mcafee/

Solidcore Systems Inc., a Palo Alto, Calif.-based provider of IT control solutions, has sold to McAfee Inc. for $33 million in cash with a $14 million earn out. Solidcore has received $46 million in funding through four rounds of funding from the likes of Jafco Ventures, Matrix Partners, Menlo Ventures, and Sevin Rosen Funds.

Press release:

On May 15, McAfee, Inc (NYSE: MFE) announced a definitive agreement to acquire privately owned Solidcore Systems, Inc. Founded in 2003, Solidcore is a leader in protecting critical IT infrastructure from devices to the data center. Organizations worldwide trust Solidcore to detect and prevent unwanted change as a way to improve IT compliance, security, and availability. Solidcore easily automates PCI controls and is a pioneer in dynamic whitelisting technology for locking down critical systems and preventing unauthorized change events.

“Solidcore’s industry-leading compliance and protection solutions will extend the current McAfee® security portfolio beyond signature-based anti-malware with the addition of dynamic whitelisting and application trust technology. Combined with leading McAfee antivirus, antispyware, host intrusion prevention, policy auditing and firewall technologies, we will help customers more easily mitigate the risks associated with vulnerable or malicious applications downloaded by employees. Through this acquisition, we believe McAfee can expand its reach into new markets, secure new platforms and strengthen its hold as the leader in the $6 billion endpoint security market.”

—Dave DeWalt, president and chief executive officer, McAfee, Inc.

Solidcore offers innovative application whitelisting technology

Solidcore is a leading provider of dynamic whitelisting technology that helps enterprises control which applications are installed on a computer, resulting in improved IT compliance, security, and availability. Solidcore’s single solution for endpoint security—which provides options for file integrity monitoring, whitelisting, and runtime control—is a growing favorite among IT and security professionals that want protection beyond the Payment Card Industry Data Security Standard (PCI DSS). Solidcore has been deployed to protect more than 200,000 endpoints in more than 40 countries at more than 100 financial institutions and across more than 15,000 retail stores.
McAfee strengthens its compliance solutions with real-time enforcement

Solidcore’s dynamic whitelisting protects against vulnerable or malicious applications and ensures that only pre-authorized software and code can run on servers, endpoints, fixed function devices, and mobile devices. Through this acquisition, McAfee will couple Solidcore’s dynamic whitelisting and compliance enforcement technology with McAfee compliance mapping and policy auditing, delivering the industry’s first end-to-end compliance solution.

McAfee will now offer customers continuous management of the compliance lifecycle (auditing, reporting, remediation, and now enforcement), resulting in reduced costs and faster time to compliance. Customers will also benefit from centralized management and reporting of the integrated technologies through the McAfee ePolicy Orchestrator® (ePO™) console.

“Today’s complex threat landscape and evolving compliance standards require customers to go beyond a reactive, ‘check-the-box’ model for security and deploy preventive security that incorporates dynamic whitelisting. The integration of Solidcore with McAfee will provide customers with the highest level of system integrity and security across their physical and virtual environments, and allow customers to more quickly and easily meet the today’s demanding compliance requirements.”

—Anne Bonaparte, president and chief executive officer, Solidcore Systems, Inc.

Following the closing, Solidcore’s technology will be incorporated into the McAfee Governance, Risk, and Compliance business unit, headed by George Kurtz, senior vice president and general manager.

The acquisition is expected to close in the second quarter of 2009 pending regulatory reviews.

Could be a protection of invesments...

'Mozy' Up: McAfee, EMC Team For Online Backup

Published- May. 18, 2009
By Joseph F. Kovar

McAfee and EMC are teaming up to offer online PC backup services in a move that will help EMC open up another front in its battle with archrival Symantec.

McAfee said late last week at its analyst meeting that it has signed a deal with EMC's Mozy division to offer the Mozy online backup service to its customers, according to Reuters.

McAfee plans to introduce the Mozy service in the second half of the year. It beta-tested a backup service a few years ago but never brought it to market, Reuters said.

Mozy is a part of EMC's new Decho Corporation, formed last year to offer online storage and other online services.

McAfee CEO Dave DeWalt is a former EMC executive.

Mozy is now the base on which EMC is building a Software-as-a-Service (SaaS) offering.

Symantec in mid-March unveiled its own online backup storage service, calling it Norton Online Storage Service.

Norton Online Backup is based on technology from SwapDrive, an online storage service provider acquired by Symantec last June.

Symantec also sells a business-oriented online storage software service called Symantec Protection Network, which it unveiled about a year ago as its SaaS platform.

Storage vendors have been actively signing deals in the past few months with providers of storage services, especially at the consumer and small-business PC level.

For instance, EMC Mozy archrival Carbonite, a Boston-based online storage provider, has in the past few months signed contracts to provide a similar service with Lenovo, Acer and LaCie.

Austin, Texas-based Caringo, a provider of clustered storage software, signed a similar deal to provide online storage services using technology from Chennai, India-based Vembu.

Good Team up...

McAfee plans new Apple, iPhone security products

Published- May 15, 2009
By NEW YORK (Reuters)

McAfee Inc plans to develop new security software for the iPhone and other Apple Inc products, Chief Executive David DeWalt said on Thursday.

McAfee, the world's second-largest maker of security software, already supplies security products for Apple computers and is in the process of expanding its offerings for the consumer electronics giant.

"We are working on a much more comprehensive suite for the Apple family," he said in an interview in New York ahead of the Reuters Global Technology Summit. "Through the course of 2009, we'll have a lot more technology for them."

McAfee provides a range of security technology including encryption, safe Web surfing, and protection from malicious software such as viruses.

DeWalt did not give a specific date for the launch of iPhone security products, or say which products it would provide for the popular smartphone. He said users of advanced devices like the iPhone tend to use a wide range of applications.

"The more applications become available, the more the threat of security and the threat of identity and data loss is there," he said.

Of course, they'd plan something like that, as that is their main purpose, security...

McAfee buying Solidcore for whitelisting technology

Published- 16 May, 2009
By Ellen Messmer

McAfee today announced it intends to acquire Solidcore Systems for about US$33 million in cash and an additional $14 million if certain performance targets are met.

McAfee indicated its interest in the acquisition centered on Solidcore's whitelisting technology that can set controls on what applications are allowed to run on a computer. After the acquisition is completed, McAfee expects to bring Solidcore's whitelisting and compliance enforcement mechanisms into the McAfee product line under the management umbrella of the McAfee ePolicy Orchestrator (ePO) management console.

Solidcore's current product line includes S3 Control, software for change control and configuration audit, among other products, such as the Point-of-Sale Check and Control software used in electronic POS devices.

"We will continue to invest further from the engineering and sales perspective," said Candace Worley, McAfee vice president of product management for the systems security business unit, who says McAfee will support Solidcore's current product line and customer base.

Solidcore is said to have about 1,000 customers, including NCR, Dell and General Motors, and is mainly focused on North America. McAfee would like to extend Solidcore's products to other markets globally. The products are used on more than 200,000 endpoints, which include Automated Teller Machines, POS systems, mobile devices, process-control systems, servers and workstations.

McAfee anticipates that Solidcore's whitelisting and security-controls technology, which can assist in compliance with the Payment Card Industry (PCI) data security standards for payment-card processing, could also find use in making virtualisation-based environments more secure. "We could leverage application whitelisting for securing a virtual environment," Worley noted.

The Solidcore acquisition is expected to be completed by mid-year.

Of course, nobody is an island, even for a gigantic company as Mcafee...

MPAA vs. RealNetworks: Five reasons why Hollywood will win

Published- May 18, 2009
By  Greg Sandoval


RealNetworks, the company behind the Real media player and Rhapsody music service, could this week become the latest courtroom conquest of the entertainment industry's fierce efforts to protect copyrights.

On Thursday, U.S. District Judge Marilyn Patel is expected to hear closing arguments in proceedings that will determine whether to remove a ban on the sale of RealDVD. The $30 software enables users to create and store copies of DVDs to their computer hard drives.

The Motion Picture Association of America (MPAA), the trade group representing the six largest film studios, filed suit last September to stop the sale of RealDVD and accused Real of copyright infringement and breach of contract. RealDVD and Facet, a proposed DVD player that can copy and store films, would hand users the ability to copy rented discs without paying a cent for them. The practice is known as "rent, rip, and return."

Real attorneys argued in court that the company operated within the law and that consumers have the legal right to backup copies of their media. Hollywood disagrees. "Fair use" proponents have kept a close eye on the case because a favorable decision for Real might bolster consumer rights.

But they're likely to be disappointed. Four days of testimony in a San Francisco federal court showed Real's case is trudging on very shaky legal ground. In addition to offering little evidence that it did not violate the Digital Millennium Copyright Act, Real's arguments that it obtained a license to use the studio's encryption technology and therefore owned the right to copy DVDs appeared to be overwhelmed by the MPAA's evidence to the contrary.

What might be most important about this case, a courtroom victory for the MPAA could put the kibosh on Facet, the device Real hopes is representative of the next-generation DVD player. Facet, which relies on the RealDVD software to make copies, can store up to 70 movies and would retail for about $300. In court, Real CEO Rob Glaser demonstrated the device and it hops between movies and television shows as easy as an iPod flips between songs.

Facet provides the kind of functionality that consumers want and could help rejuvenate slumping DVD sales, some observers say. The device, however, may never be sold in your local Best Buy for five reasons:

The rear view of Facet, a DVD-copying disc player that Hollywood says would cost it millions in pirated movies.
(Credit: Greg Sandoval/CNET Networks)

Not licensed to copy DVDs: In court, Real argued that the MPAA's breach of contract claims are baseless because the DVD Copy Protection Association, a group that includes film studios and DVD makers created to protect discs from piracy, issued it a license to use the organization's DVD Content Scramble System (CSS). This is the studio's encryption technology designed to prevent piracy.

When RealDVD copies movies, it never cracks the encryption, according to experts called to testify by Real. The MPAA's witnesses argued that the CSS license gives Real permission only to playback DVDs, not to copy them. Marsha King, a retired vice president at Warner Bros., testified that the whole purpose of the DVD-CCA licensing was to prevent consumer copying. "The studios were adamant that no copy be placed on the (computer) hard drive," she told the court.

Cracking ARccOS and RipGuard violates DMCA: Perhaps the weakest area of Real's defense is the circumvention of ARccOS (Advanced Regional Copy Control Operating Solution) and RipGuard.

The MPAA says these are anticopying technologies used by some of the major film studios as another layer of piracy protection in addition to CSS. They're not included in the CSS license. This means that even if the CSS license gave Real permission to copy, it wouldn't protect Real's cracking of ARccOS and RipGuard. Circumvention of copy protections violates the DMCA.

Real denied ARccOS or RipGuard are copy-protection measures. Douglas Dixon, one of Real's technology experts, testified both technologies are ineffective. This was one of the reasons the studios rarely used them, he said.

To illustrate his point, Dixon said Sony Pictures used ARccOS or RipGuard on just four film titles last year. Real's argument was this: if a copy protection isn't effective then it isn't really protecting anything and is not covered by the DMCA.

The irony is that Arccos and RipGuard were effective enough to foil Real's months-long attempt to crack them--starting in 2007--court documents showed. The copy protections even stumped Rocket Division, a company hired by Real to decrypt ArccOS and RipGuard, and a group the MPAA calls a "Ukranian hackers."

"Been...fighting with it for two weeks and no big success yet," wrote one of Rocket Division's managers in an e-mail to a Real executive. "With Arccoss the task appeared to be a little bit -- a little harder than we thought."

The studios told Patel that Real's argument that a copy protection needs to be impossible to break for it to be covered by the DMCA isn't logical. Why would unbreakable encryption need a law banning circumvention? The DMCA's anti-circumvention provisions are designed to cover all copy protections, MPAA lawyers said.

Studios could lose millions: Claims by the MPAA that RealDVD could cause significant financial harm were less convincing when the case was just about the software. With scores of similar products that cost nothing and were readily available online, why would anyone pay $30 for technology that were restricted by copy controls? RealDVD allows a user to watch a copied movie on five individual devices while copies made from software such as HandBrake are free of such limitations.

Then, Real's efforts to develop Facet surfaced and that changed the picture.

RealDVD was only one part of Real's DVD-copying strategy. The prize for Real was selling a box that copied and stored movies. Glaser acknowledged during the hearing that Facet offers no protection against piracy other than presenting a notice urging users not to copy movies they don't own.

Judge appears skeptical: Judge Patel has indicated several times that she isn't buying Real's story.

After Glaser outlined his company's attempts to stop Facet users from pirating films with little more than strong language, Patel hurumphed "Do you think this will be more effective than 'Just Say No?" This was a reference to the anti-drug campaign launched by the Reagan administration that was derided by critics for being naive and ineffective.

Last fall, when Patel halted sales of RealDVD, she told lawyers from both sides that she had questions about whether the software could enable mass copyright infringement. During opening arguments in the injunction hearing, one of Real's lawyers suggested that the company was in the right because it helped consumers backup their films.

"It's even more attractive to consumers to get everything for free," Patel said, in a seemingly sarcastic remark.

Real is grasping at legal straws: By accusing the studios of antitrust violations late in the process, Real is signaling that the company is less than confidant in it's case. In what appears to be a "Hail Mary" legal maneuver, Real claimed last week in a court filing that the studios are a cartel and that the CSS licensing agreement is proof they are guilty of boycotting Real.

This is a little late for Real to be raising these issues. The company could have made the claims at any time since September. Neither the CSS license, nor the studios relationship to it, is new.

Regardless of where Real's claims go, antitrust cases take years to litigate and will be unlikely to help RealDVD or Facet reach the market any time soon.

I wonder why I posted this here,