Symantec Lands Anti-Phishing Firm WholeSecurity

In an move to beef up on the latest online security threats, Symantec (Nasdaq: SYMC) has agreed to acquire WholeSecurity, a behavior-based security and anti-phishing technology firm.

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.

WholeSecurity's technology analyzes the characteristics and actions of viruses, worms and other malicious code to offer real-time protection against these threats without the need for traditional security signatures.

"WholeSecurity provides industry leading protection from phishing attacks, one of the fastest growing threats to online transactions, such as banking, e-commerce, and auctions," said Enrique Salem, senior vice president, Symantec Security Products and Solutions. "In addition, WholeSecurity's family of solutions provides critical behavior-based security technology that we expect to be a core component of Symantec's baseline consumer security and enterprise desktop solutions."

Behavior-Based Approach

Behavior-based security technology identifies online threats such as worms, viruses, Trojan horses, keystroke loggers, and phishing sites by their actions and characteristics.

WholeSecurity's Confidence Online analyzes the behavior exhibited by these threats against hundreds of detection modules to determine whether the active processes or Web sites are safe or malicious.

This technology is designed to immediately detect and mitigate unknown threats by their behavior without traditional signatures or patches thereby protecting users against zero-day attacks.

WholeSecurity's patent-pending behavior-based technology addresses applications ranging from browser-based phishing detection and notification to on-demand delivery of malicious code detection.

Shoring Up Security

Symantec already offers limited anti-phishing capabilities through its Brightmail anti-spam products. The WholeSecurity deal will expand the company's portfolio to handle phishing fraud and detect worms and other attacks.

Analysts said security companies would do well to shore up anti-phishing technologies. The Anti-Phishing Working Group's (APWG) latest Phishing Activity Trends Report, issued in July 2005, reveals the number of phishing reports is on the rise.

There were 14,135 phishing reports in July, according to APWG. The number of brands hijacked by phishing campaigns in July was 71. Financial Services is the most targeted industry sector, growing to nearly 86 percent of all attacks.

Competitive Differentiation

Jonathan Spira, CEO and Chief Analyst for Basex, told TechNewsWorld that WholeSecurity was a strategic acquisition for Symantec, a company that took over Veritas Software in July and announced plans to acquire Sygate Technologies in August.

"WholeSecurity's tools are behavior-based, which means that they determine if a potential virus is malicious based on what it is trying to do. Products such as Norton Internet Security use signatures to identify malware," Spira said. "WholeSecurity's behavior-based approach will protect a computer from an unidentified threat, which other tools won't do. Essentially, this means that endpoints will be more secure."

Spira said the acquisition will hopefully force end user organizations to recognize that risk are ever changing and static solutions will not protect endpoints securely. The transaction is expected to close in October. Financial terms of the deal were not disclosed.