Thursday, November 1, 2007

McAfee buys ScanAlert

McAfee announced today it bought ScanAlert for US$54 million. ScanAlert sells a web site security scanning service. After a number of bad buys, McAfee seems to be on to a good thing this time. US$54 million for 75,000 paying customers is a fair price.

There's a US$24 million earn out, but if that is worded and devised similar to most earn outs, at the end it's either going to add significant value or not end up being paid at all ...

It seems McAfee plans to couple ScanAlert with their excellent SiteAdvisor service, purchased in early 2006, which rates websites for their safety. I think McAfee has made an excellent move and with this acquisition is putting itself in a good position to take advantage of the emerging web


sandro said...

At least someone didn't agree with you

This security compliance thing is certainly a growing industry now esp thanks to PCI. Definitely something worth getting into

Nick Galea said...

He makes some very interesting points. I don't know how good/bad the Scanalert service is, but i do know that getting 75,000 paying customers is worth quite a bit.... Plus you remove a competitor....

He mentioned Qualys as a good scanner, but as far as i know it has no web vulnerability scanning capability, which is my opinion is not acceptable these days for a web based security scanning service

sandro said...

Regarding Qualys: From what I hear, its a terrible vulnerability scanner. Giving you a report full of false positives and lots of meaningless alerts that you have to double check once the scan is done.

This is not 1st hand experience; but i know that Visa/PCI guys are using it.

Given the reliance on webapps nowadays, it doesn't make much sense for a commercial vulnerability scanner to omit web application vulnerabilities. So yea you're spot on on that one.

But they are working on it ;)

Wayne Hewitt said...

hello nick!

long time no see.. i just noticed you are on blogger by chance

i've heard you moved to Cyprus

wish you well