Application trust technology to protect devices operating in restricted environments

May 19, 2009 08:44 GMT  ·  By

Global IT security vendor McAfee has announced an agreement to acquire whitelisting leader Solidcore Systems. The company plans to integrate the Solidcore technology into its own blacklisting-based malware detection and prevention solutions and use it to protect critical infrastructure systems.

Solidcore Systems develops security products that employ dynamic whitelisting in order to protect medical devices, thin clients, ATMs, retail points of sale (POS), or Supervisory Control and Data Acquisition (SCADA) systems. All these devices are supposed to operate in restricted environments, where only specific software is intended to be run.

Because of this, a whitelisting model, which permits administrators to define which applications or pieces of code are allowed to be executed, rather than selecting the ones that aren't (the blacklisting approach), is more suitable and efficient.

Such targeted technology is of high demand, specifically at these times when security professionals have documented the first-ever malware designed specifically for ATMs, critical SCADA software has come under the microscope of vulnerability researchers and U.S. officials claim that foreign hackers have already compromised the national electric grid.

Solidcore products currently service some 200,000 endpoints at more than 100 financial institutions and 15,000 retail stores, spanning over 40 countries. "Through this acquisition, we believe McAfee can expand its reach into new markets, secure new platforms and strengthen its hold as the leader in the $6 billion endpoint security market. […] Solidcore has strong financial results, is profitable and has a very good customer base. I see this as a win-win for our customers, partners and for Solidcore and McAfee," David DeWalt, McAfee's CEO and president, commented.

Meanwhile, Solidcore's CEO and President, Anne Bonaparte, explained that, "The integration of Solidcore with McAfee will provide customers with the highest level of system integrity and security across their physical and virtual environments, and allow customers to more quickly and easily meet the today’s demanding compliance requirements."

The $33-million deal is expected to be closed during the second quarter of 2009, at which point McAfee's Risk and Compliance business unit will be expanded to incorporate the Solidcore team. George Kurtz, McAfee's senior vice president and general manager, will continue to lead this unit after the merge. McAfee might later pay an additional $14 million, if some special performance targets are met.