Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:45 AM

Microsoft in Whale of a Deal

Software behemoth buys SSL VPN startup Whale for an undisclosed amount

Microsoft today bought privately held SSL VPN vendor Whale Communications for an undisclosed sum, another move to bolster enterprise network security for its customers. (See Microsoft Acquires Whale.)

Fort Lee, N.J.-based Whale, which specializes in Windows-based Secure Sockets Layer VPN hardware, is the latest security vendor to get snapped up by a big-name player, after Juniper stumped up about $4 billion in stock for NetScreen, and Citrix bought NetScaler, a startup offering a combination of SSL VPN and load balancing features. (See Juniper to Acquire NetScreen, Citrix to Buy NetScaler for $300M, and Meta Group Ranks SSL VPN Market.)

The move is also designed to support Microsoft's Network Access Protection (NAP) play at a time when the major vendors are cranking up their security strategies. Microsoft's NAP, for example, plays in the same space as Cisco's Network Admission Control (NAC) and Juniper's Enterprise Infranet initiatives, which attempt to secure corporate networks. (See Chambers Shouts About Security, Cisco, Microsoft Team Up on Security, and Juniper Infranets the Enterprise.)

But at this stage, Microsoft is yet to reveal its specific long-term plans for Whale, saying only in a statement released this morning that the platform will broaden users' access options from a variety of locations and devices. This, according to the vendor, includes PCs, Internet kiosks, and mobile devices.

Rob Whiteley, senior analyst at Forrester Research, tells Byte and Switch that the deal makes sense, citing the long-standing relationship between the two companies. "Whale has always had an SSL VPN and application firewall that's built on Windows server," he notes. "It was clear that they were going to develop a tighter relationship that was either an OEM deal or an acquisition."

According to Whiteley, the deal spells good news for customers. "What this gives the end users is the ability to further leverage Microsoft's overall NAP strategy and pull end-point security policies into remote and mobile devices."

But Whiteley warns that the two firms take radically different approaches to security. "The biggest challenge is going to be that Whale is an appliance vendor, Microsoft is not," he says. "They need to figure whether they are going to stay committed to this in the appliance form factor."

Dan Harman, Lotus Notes administrator at Upland, Calif.-based real estate developer Lewis Operating Corp. which has deployed two of Whale's e-Gap devices for remote employee access, tells Byte and Switch that he hopes Microsoft will put its weight behind the Whale appliances. "As far as I know, Whale will still be doing what Whale does -- it's pretty important for us," he says.

This, says Whiteley, is typical of how most users approach SSL VPN technology. "As SSL VPN technology emerges, users are more comfortable with the appliance form factor."

Other Whale customers include the U.K.'s governing Labour Party, utility firm E.ON, Virgin Atlantic Airways, Krispy Kreme, and the Sumitomo Mitsui Banking Corporation.

Microsoft is diving into a market segment poised for growth. Analyst firm Infonetics predicts that the market for network security appliances and software will be worth $5.5 billion in 2008, up from $3.7 billion in 2004. (See Network Security Market up 30% in Q4.)

Microsoft is yet to yet confirm how many of the Whale workforce or executive team will be moving over to the software vendor.

In trading today, shares of Microsoft rose 32 cents (1.41 percent) to $23.05.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Citrix Systems Inc. (Nasdaq: CTXS)
  • Forrester Research Inc.
  • Infonetics Research Inc.
  • Juniper Networks Inc. (Nasdaq: JNPR)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Whale Communications Ltd.


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
    Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
    PUBLISHED: 2020-07-07
    A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...