Symantec makes $1.3B play for VeriSign's security biz

Continuing its buying spree, Symantec Corp. has agreed to acquire VeriSign's identity and authentication business, which includes SSL Certificate and Public Key Infrastructure (PKI) services, for $1.28 billion in cash.

The deal, announced by both companies Wednesday and expected to close by September, will broaden Symantec's security portfolio making it a leading player in identity management and PKI services. In the government market, Verisign is a provider of HSPD 12 solutions and is certified by the Defense Department to provide PKI digital certificates to contractors, state and local governments and individuals.

"Our business is about securing and managing information, but without the central theme of identity, we weren't able to provide the total solution," said Symantec president and CEO Enrique Salem, speaking on a conference call with analysts announcing the deal. "Now with the VeriSign security business … is going to allow us to ultimately create what I think is the most important thing, which is the user matters and the information matters. Devices and applications, quite frankly, they're irrelevant."

The acquisition of VeriSign's security business is the latest in a spate of deals by Symantec. Late last month, the company agreed to acquire PGP Corp. and GuardianEdge Technologies Inc., both leading providers of e-mail encryption software. Salem told analysts that the two deals and VersiSign are intended give Symantec much-need platform of encryption and identity management software and services.

"The combination of our strong authentication of users with Symantec’s e-mail and data encryption capabilities from its pending acquisition of PGP will enable customers to obtain a solution suite from a single vendor to protect information at rest, information in motion, information in use and ensure that only authorized users can access this information," said Atri Chatterjee, VeriSign's senior vice president of user authentication.

In acquiring VeriSign's security business, Symantec gains its platform for providing SSL certificates, PKI services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) authentication service. Sites that have the VeriSign check mark using VeriSign's SSL's certificates are certified as legitimate and safe to conduct transactions with. The VeriSign check mark means the company has certified the authenticity of a site and allows for encrypted transactions using its SSL certificates.

The recently launched VeriSign Trust Seal is aimed at certifying that a Web site has passed malware scans. It is intended for sites that are nontransactional.

By acquiring VeriSign's security business, Symantec will be taking on RSA, which is the security division of EMC, and supplier of a broad portfolio of authentication and identity management infrastructure, notably SecurID, said Scott Crawford, an analyst at Enterprise Management Associates. "Symantec remains the vendor to beat in terms of security leadership, both in the consumer and enterprise space" Crawford said in an interview.

Symantec said it intends to cross-sell the VeriSign portfolio across its product line but most notably via its Data Loss Protection platform (DLP) and the Norton Internet Security suite. For Salem, adding identity management to its portfolio of data protection and security wares fills a key gap across all segments from consumers to large enterprises.

"It's really about us acknowledging very, very clearly that to be successful with our vision of securing and managing information, we have to be able to secure identities," Salem said. "Without that we're not able to provide a complete solution. In many ways I can tell a clear simpler story by bringing in this capability instead of having to continually answer why we are not in a position to effectively and protect identities."