McAfee to buy vulnerability management company

McAfee Inc. has agreed to buy Foundstone Inc. of Mission Viejo, Calif., for $86 million in cash, the company said today. The acquisition gives the security firm a foothold in the growing vulnerability management market.

"Chief information security officers need a comprehensive view of where their risks are," said George Samenuk, chairman and chief executive officer of McAfee.

McAfee of Santa Clara, Calif., was previously known as Network Associates Inc., but changed its name in June and began focusing on intrusion prevention solutions. It recently sold off its Sniffer Technologies network management business.

Last week, Foundstone announced that the Justice Department had settled on a Foundstone Enterprise software platform to reduce computer vulnerabilities and comply with the Federal Information Security Management Act.

"Strength, scalability and flexibility of deployment were critical factors in our selection of Foundstone," said Ted Shelkey, assistant director of information security technology for the Justice Department.

The Army, Federal Aviation Administration and Transportation Department also use Foundstone Enterprise. The software helps inventory IT assets, identify vulnerabilities and plug the holes where worms and other malicious code can enter a network.

Stamford, Conn.-based research firm Gartner Inc. estimates that enterprises that use vulnerability management solutions experience 90 percent fewer security breaches than those that don't.

Framingham, Mass.-based IDC Corp. expects the market for vulnerability assessment and management and intrusion detection software to reach $1.6 billion by 2008.

McAfee officials expect the transaction to close within 60 days.