Qualys To Buy Threat Detection Startup NetWatcher To Strengthen Ties With MSSPs

Qualys plans to purchase the assets of NetWatcher to expand its reach into the real-time threat intelligence market and bolster its relationship with managed security service providers.

The Foster City, Calif.-based cloud security vendor said the acquisition will fortify its threat detection, incident response and compliance management capabilities for businesses of all sizes. The Reston, Va.-based startup provides businesses with a real-time view of potential security vulnerabilities such as weak passwords, unsafe behavior and outdated software, according to Qualys.

"Built on open-source components, NetWatcher has created a comprehensive cybersecurity and threat intelligence service that helps businesses of all sizes effectively manage cyberthreats, provide incident response, and manage compliance across on-premise, hybrid and cloud environments," Philippe Courtot, Qualys chairman and CEO, said in a statement.   

[RELATED: Q&A: Qualys CEO On Why Legacy Security Companies Won't Cut It In Cloud-First World]

NetWatcher leverages continuous network security monitoring to identify potential threats and vulnerabilities created by employees and external entities, as well as enable customers to remediate those security issues quickly, according to the company. MSSPs will be vital in offering and delivering NetWatcher's services to their clients worldwide, according to Courtot.  

The company's executive team will be incorporated into Qualys, with CEO Scott Suhy becoming vice president of strategic alliances and business development and founder and CTO Kenneth Shelton becoming vice president of engineering and real-time threat correlation platforms. NetWatcher was founded in 2012 and employs 12 people, according to LinkedIn.

Qualys's stock is down $0.75 (1.23%) to $60 per share in trading Wednesday morning. Terms of the deal, which will not have a material impact on Qualys' financials, weren't disclosed, and Qualys didn't immediately respond to requests for additional comment.

NetWatcher's on-premises or cloud-based sensors provide threat intelligence derived from correlating data from multiple sources such as intrusion detection, netflow analytics and log analysis, Qualys said. Endpoint sensors, meanwhile, provide log forwarding and behavioral monitoring on-premises and when mobile users are connecting to unsecure Wi-Fi networks.   

The company also presents notifications if users create vulnerabilities on the network by running risky or vulnerable software or sending personally identifiable information over the internet in clear text. For exploited assets, alerts are provided immediately through a customer portal, mobile app, reports, email and text, according to Qualys.

NetWatcher also delivers compliance reporting for programs such as HIPAA and PCI DSS that require log storage, management and monitoring.  

Qualys' cloud-based approach to security has historically made it difficult for the company to offer SIEM or log management tools, according to Nathan Wenzler, chief security strategist at Larkspur, Calif.-based AsTech Consulting.

But, in the past few years, Wenzler said Qualys has increasingly offered its customers the option of installing a local piece of software on their endpoint that feeds data back to the cloud. With Qualys better situated to dealing with localized sensors and agents, Wenzler said the company is at last able to leverage SIEM and log management tools that gather data locally and funnel it back into the cloud.

"Now is a good time for Qualys to be doing this," Wenzler said. "It's going to be a really big step forward for them."   

Most major Fortune 100 or Fortune 500 companies have already invested pretty heavily in a log management tool, Wenzler said, and therefore might be a little reluctant to switch over to the new Qualys offering – even if it's somewhat less expensive – given the investments they're already made.

But Wenzler said many SMB customers are still stuck running a rudimentary log management tool due to the cost associated with purchasing a major SIEM system. He said these customers are hungry for a vendor like Qualys to come in and offer SIEM and behavioral analysis tools at a reasonable price point that don't require multiple employees or a huge professional services budget to manage.

"The more that Qualys adds to their cloud platform, the more that MSSPs can offer," Wenzler said. "This is quite a big deal." 

Read more articles on: