A Bear's Face on Mars Blake Lively's New Role Recognizing a Stroke Data Privacy Day Easy Chocolate Cake Recipe Peacock Discount Dead Space Remake Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

Is there method in Microsoft's security buys?

The software giant has been scooping up companies in the security field, but analysts wonder what it all adds up to.

While Microsoft's latest deals show it's committed to building its security muscle, some analysts say the company needs to focus on a clearer and more productive strategy.

The software maker said it was making security its top priority when it three years ago. Since then, it has overhauled its in-house development to bolster security and has put its $38 billion war chest to work. It has been buying antivirus and anti-spyware companies and other security assets--acquisitions that have been closely watched.

"While there is a great deal of hoopla around the acquisitions, what is more important is to see what they make of them," said Michael Cherry, a lead analyst at Directions on Microsoft in Kirkland, Wash. "I don't think that the past acquisitions have shown a tremendous payback yet."


What's new:
While Microsoft's latest deals show it's committed to building its security muscle, some analysts say the company needs to focus on a clearer and more productive strategy.

Bottom line:
It's about time that Microsoft turned the technologies it has picked up into actual products that customers can use, analysts said.

More stories on Microsoft security

It's about time that Microsoft turned the technologies it has picked up in its scattershot buys into actual products that customers can use, analysts said.

The company announced its takeover of FrontBridge Technologies, a hosted e-mail security provider, on Wednesday, the same day it said it had taken a minority stake in Finjan Software and licensed some of the security appliance maker's patents on behavior-based intrusion detection technologies.

These moves follow the acquisitions of Romanian antivirus software developer GeCad Software two years ago, desktop anti-spyware maker Giant Software in late 2004, and corporate security software vendor Sybari earlier this year. Sybari software can use multiple engines to scan e-mail and instant messages for viruses and spam.

The takeovers seem random, said Pete Lindstrom, a research director at Spire Security. "I think it is a reactive approach. They are picking up security products that they think are important to customers," he said. "It doesn't strike me that there is an obvious strategy to this."

Every product group is involved in Microsoft's companywide commitment to providing users with a secure computing experience, Amy Roberts, a director in Microsoft's security business and technology unit, said in an e-mailed statement. "Microsoft's recent acquisitions in the area of security represent continued investments in innovation, customer guidance and industry partnerships," she said.

Microsoft first took on the safety of its own products with its Trustworthy Computing push. With the acquisitions, the software maker attempted to move itself into a position to become a player in the security market and offer additional products to protect both consumers and business users. The ultimate goal is to counteract the perception of Microsoft as provider of insecure software, Cherry suggested, "to make it such that customers have no doubt that they are purchasing a secure system when they choose Windows," he said.

It is evident from the purchasing campaign that security continues to be important to the Redmond, Wash., company, analysts said.

But the series of takeovers may also signal that Microsoft's own development efforts are falling short, suggested David Schatsky, a senior vice president at Jupiter Research.

"They have been focusing a lot on internal development as well as these acquisitions, which signify that they are probably not satisfied with the pace at which they have been able to build up their security capabilities," Schatsky said.

"Security is a top priority for Microsoft," Roberts said. "Innovation is constant at Microsoft."

Since launching its Trustworthy Computing Initiative, Microsoft has changed the way it develops software in order to make its technology more secure. The "security development lifecycle process" is aimed at vetting code before pushing out products. Also, Microsoft does have protective programs that it built itself, such as the Windows Firewall for PCs and the ISA Server firewall for server computers.

This internal development and the outside acquisitions have left Microsoft holding a range of technologies. The question is how the company will tie all these together and how they can work with its lineup. "It is not the purchase that is important; it is how well Microsoft can integrate the purchase into its existing products and services," Directions on Microsoft's Cherry said.

Signed and sealed

Microsoft has bought up key companies and intellectual property rights with an eye to offering security add-ons for Windows systems and company networks.

FrontBridge Technologies
Company: Based in Marina del Rey, Calif. Privately held
Products: Hosted e-mail and messaging security and compliance services
Deal: Acquisition expected to close before the end of the third quarter pending routine regulatory review
Date: July 2005
Plans: Offer Exchange users a hosted service for security and compliance
Finjan Software
Company: Based in San Jose, Calif. Privately held
Products: Appliances for behavior-based protection against unknown security threats
Deal: Minority investment, patent licensing
Date: July 2005
Plans: Microsoft has not said how it will use Finjan's ideas in products
Sybari Software
Company: Based in East Northport, N.Y. Privately held
Products: Software to filter viruses and spam on networks. Antivirus engine not included
Deal: Acquisition, now a subsidiary
Date: February 2005
Plans: Antivirus and antispam tool for e-mail and collaboration servers
Giant Company Software
Company: Based in New York. Privately owned
Products: Software to combat spyware, pop-ups and spam
Deal: Acquisition, now a subsidiary
Date: December 2004
Plans: Anti-spyware product for Windows (in beta for consumers), enterprise version also planned
Company: Based in Bucharest, Romania. Privately held
Products: RAV antivirus engine
Deal: Sale of technology and intellectual property
Date: June 2003
Plans: Paid antivirus add-on for Windows; to integrate with Sybari software. Also used in Windows Malicious Software Removal Tool and OneCare consumer security product

And that is where the company has not delivered, Cherry said. The software maker bought GeCad in 2003, but the antivirus technology has yet to surface in a Microsoft product. Yes, in its security patches Microsoft offers a tool to detect malicious code, but it is not "obvious that they have capitalized on the GeCad purchase," Cherry said.

Also, while the Giant anti-spyware product was turned into a Windows AntiSpyware beta release within a month, it still is in its first beta seven months later, and there is no word on when a final version might be delivered, Cherry said.

Integration of acquired technologies takes awhile, Microsoft's Roberts said. "Like most investments, technology investments often require time to mature in order to realize their full potential to customers," she said.

Microsoft appears to be busy working on its product portfolio. Selected testers recently got their hands on Windows OneCare, a subscription antivirus and anti-spyware service for consumers. OneCare marks Microsoft's entry into the antivirus space--until now the domain of specialized vendors such as Symantec, McAfee and Trend Micro.

As with Windows AntiSpyware, however, Microsoft has not committed to a delivery date for the final OneCare product. A broad public beta is planned in the United States later this year, Microsoft has said.

Microsoft completed the acquisition of Sybari last month. The company continues to offer a range of Sybari products for Windows. Microsoft has also said that it will support the Sybari lineup predating the buy, but that it plans to stop selling tools for Unix and Linux.

Jupiter Research's Schatsky predicts that Microsoft will slow the pace of acquisitions over the coming year.

"At the same time, the pace of integrations may increase, as they have obtained a lot of new technology that now needs to be integrated into their products," he said.

Over the next months, a sense of Microsoft's grand plan for security may well emerge. But for now, some industry insiders are left scratching their heads, given the pattern of acquisitions. Microsoft's latest security buy, that of hosted e-mail security services provider FrontBridge, has Dean Drako, CEO of e-mail security appliance maker Barracuda Networks, wondering what the company is up to.

"Microsoft has traditionally been more of a software company than a service company," Drako said. "I am not sure what is going on."