The price tag on the deal is $40m cash, according to Chris Babel, VeriSign’s vice president of managed security services. The company is not disclosing iDefense’s recent financial performance, but does not expect its contribution to be material.
iDefense made its name by paying about 200 freelance security researchers in 31 countries to find vulnerabilities in popular software. It then notifies the affected vendor, before providing its customers with pre-patch protection.
A lot of companies out there do a lot of vulnerability repackaging, they go through vendors’ web site looking for vulnerabilities and repackage that information, Babel said. iDefense’s research, by contrast, is original, he said.
Barely a month goes past without Microsoft Corp issuing a patch for a vulnerability found by an iDefense researcher. The company competes with the likes of Internet Security Systems Inc and eEye Security Inc in this regard.
VeriSign plans to incorporate iDefense’s data into its MSS offerings, so that its managed firewall/IDS customers can get pre-patch protection against the vulnerabilities iDefense has found. It’s a value add, Babel said.
The deal gives VeriSign the research arm it has lacked to date, making its MSS business look more like Internet Security Systems’ MSS business. It also gives VeriSign access to upsell iDefense’s customer base.
There are absolutely companies that are in the customer base of iDefense that we think we can upsell, Babel said. Half of iDefense’s customer base is governmental. A quarter is financial services. The firm has a number of Fortune 100 customers, Babel said.
Babel said VeriSign will continue to sell iDefense’s data products separately, and will continue to license the data to third party software vendors, such as security information management players like ArcSight and IPS players like Sygate.
