Microsoft Plans To Acquire Whale Communications To Improve Security And Access

Microsoft hopes to harpoon Whale to help enterprises beef up security for Web applications and mobile devices.

Larry Greenemeier, Contributor

May 18, 2006

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Microsoft acquired privately held Whale Communications on Thursday in a move designed to help enterprises tame the security problems caused by proliferating Web applications and mobile devices.

The acquisition would bulk up Microsoft's recently formed Security, Access and Solutions division. Whale specializes in providing Secure Sockets Layer VPN appliances as well as Web application firewalls to help companies protect themselves against SQL injection attacks. Whale's Intelligent Application Gateway SSL VPN is expected to complement the security and access capabilities already built into Windows Server and Microsoft's Internet Security and Acceleration, or ISA, server.

The acquisition gives Microsoft access to some key technology: application optimizers for Outlook Web Access, SharePoint, IBM Lotus Domino, Lotus Domino Web Access, SAP Enterprise Portal, and EMC Documentum Webtop. One function of these application optimizers is to inspect and validate data as it's inputted into Web applications, a step that's critical for blocking SQL injection attacks, which are initiated when an attacker enters code into a Web data field that tricks a login screen into providing unauthorized access to sensitive information.

SQL injection attacks are at the foundation of the case against Eric McCarty, a 25-year-old network administrator with Cisco and Microsoft certifications facing up to 10 years in federal prison for allegedly damaging the University of Southern California's online application system. He allegedly used SQL injection attacks in a June 2005 unauthorized penetration test of USC's Web applications. He's accused of extracting data from an SQL database containing Social Security numbers, birth dates, and other information for more than 275,000 USC applicants since 1997.

As part of Microsoft's Security, Access and Solutions division, formed earlier this year, Whale's technology will join other security products Microsoft has acquired, including Antigen for Exchange, Antigen for SMTP Gateways, Antigen Spam Manager, and Antigen Enterprise Manager, which Microsoft acquired along with Sybari in June 2005. The Security, Access and Solutions division, led by corporate VP Ted Kummert, also offers anti-virus software from Romanian acquisition GeCAD Software and anti-spyware software from Giant Company Software.

Customers are demanding increased security even as they look to expand network access to an increasing number of mobile users, which include not just employees but also business partners and customers, says Steve Brown, Microsoft's director of security product management. Security, Access and Solutions "was formed to bridge the gap between security and access," he adds.

In other security-provider acquisition news, VeriSign Wednesday announced its plans for a $125 million purchase of GeoTrust. Both companies provide SSL technology, and VeriSign is looking to take advantage of the smaller GeoTrust's well-developed reseller channel.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights