Novell Shells Out $72 Million to Buy e-Security

Published: April 25, 2006

by Timothy Prickett Morgan

Commercial Linux distributor Novell last week continued to build out the security features of its SUSE Linux by acquiring e-Security, a provider of automated compliance and reporting software, for $72 million. e-Security, which is based in Vienna, Virginia, was founded in 1999 and its Sentinel security event manager software is used by 150 companies, many of them very large organizations who have had their IT operations turned upside down by various government compliance regulations in the past year.

While Novell has been a leader in identity management software, which provides and denies access to applications, files, and network resources based on end-user profiles, and bought a small company called the Immunix to beef up system security on SUSE Linux last May, compliance regulations are not just about having security, but proving through security monitoring and reporting that your systems are as secure as you think they are. Company auditors--meaning bean counters--don't try to hack your system; they read reports that show whether or not a machine is secure. You can have the most secure systems in the world, but if you can't prove that in a report, you have not pleased an auditor. And that is a problem.

As it turns out, it is a problem that Novell thinks it can make some money chasing, which is why it has spent so much money on a new software unit that is expected to generate only about $20 million in sales in the next 12 months.

The Sentinel software collects, aggregates, correlates, and displays event information as it relates to users, resources, and applications. Basically, it is a big spy that watches whatever you tell it to. The software creates an audit trail for everything that goes on in the system. Sentinel 5 comes with a whole slew of what are called "collectors," which is just another way to say monitoring agents. When you want to monitor some aspect of a system, you use or create a collector and then give it rules about what it should do when certain conditions are met. Collectors are created for the device, application, and network levels. On the operating system front, e-Security had already created collectors for Microsoft Windows 2000 and Windows 2003 and the Microsoft Operations Manager (MOM) systems management console; Red Hat Enterprise Linux; Sun Microsystems Solaris and Trusted Solaris (an ultra-secure variant of Solaris); IBM AIX and OS/400; Hewlett-Packard HP-UX. Microsoft SQL Server, Oracle 8i, 9i, and 10g, and IBM DB2 databases have already had collectors created for them, too, as have application suites from SAP and Oracle. The collectors can also plug into several dozen other software tiers, including Web and application servers, firewalls, identity managers, network intrusion detectors, virtual private networks, routers, and such, using the most appropriate access methods--syslog, ODBC or JDBC, SSH, SSL, SNMP, HTTPS, and so forth--to link the Sentinel monitor product to the collectors. Collectors have also been created to interface with the RACF and ACF security software of IBM mainframes and the security layers in HP's NonStop fault tolerant clusters.

However, to meet compliance regulations, you have to make all that audit data mean something, and that is what the Control Pack add-on to the Sentinel product are all about.

The software also has application programming interfaces that allow it to hook into other management frameworks, such as Hewlett-Packard's Help Desk or BMC Software's Remedy packages.

A few months after Novell bough Immunix, it took the AppArmor security appliance software that Immunix had created and not only began the task of embedding it into SUSE Linux, but also released the AppArmor code as an open source project as a means to help create the thousands of application profiles that the AppArmor software requires. It is unclear if Novell will take the Sentinel security product it just acquired open source. All that Novell has said so far is that the Sentinel 5 software will be available from Novell and its reseller partners beginning in May, and that the next version of the product will come out this summer.

There were some 80 people who worked at e-Security, and Novell says that it has left the existing sales force in tact as a separate unit for now and that key employees have been retained by Novell, including e-Security's chief technology officer and co-founder, Reed Harrison. Sales and engineering for the Sentinel product will remain in Vienna, but the company will be rolled into Novell's system security and identity management unit, which includes the AppArmor, ZENworks, and Novell Identity Manager products. Down the road, Novell says it will sell the Sentinel product under its own brand, and the odds favor the obvious name for it: Novell Sentinel. Oddly, the Sentinel product does not yet support SUSE Linux, but Novell says it will be able to make that happen in about three months. Novell says that it will continue to support Solaris and Windows versions of the Sentinel program going forward.

RELATED STORIES

Novell Takes AppArmor Security Middleware Open Source

Novell Acquires Linux Security Vendor Immunix