The planned Astaro acquisition will bring Sophos a growing provider in a complementary network security market for midsize businesses. But Sophos must proceed carefully to succeed in both network and desktop security.
On 6 May 2011, Sophos, an Oxfordshire, U.K.-based provider of security and data protection technologies including endpoint protection, announced that it has entered into a definitive agreement to acquire Astaro, a provider of firewall and unified threat management (UTM) technologies headquartered in Wilmington, Massachusetts and Karlsruhe, Germany.
The planned Astaro acquisition is, overall, a positive development that will bring Sophos a growing player in a growing network security market. Astaro’s products and Sophos’ management console are primarily focused on midsize businesses (those with approximately 100 to 1,000 employees). The UTM market, which is largely driven by small and lower-midsize businesses (those with fewer than 500 employees), grew 25% between 2009 and 2010, faster than the enterprise firewall market. Astaro has been a strong performer in midsize deployments where UTM technologies are adopted when a router alone proves to be inadequate, but enterprise-class products such as next-generation firewalls or secure Web gateways are too expensive or complex.
Astaro's growth in this market has been above average, especially in regions outside North America, where UTM revenue growth has been highest. There are areas, such as network access control and reputation feeds, where improved integration across desktop and network security — which this acquisition may enable — should prove attractive to some buyers.
However, none of the leaders in the UTM market is a leader in endpoint protection, mainly because the endpoint protection and network security markets have very different buying centers, threat drivers and channels. Sophos, which will likely maintain the Astaro brand, at least in the short term, has said it will not try to force a “one size fits all” management solution across both product network and desktop security areas, an approach that Gartner believes would risk dilution in both. (Astaro has also introduced non-UTM products, such as wireless local-area network access points, that are not a strong strategic fit for Sophos.) Another potential issue is that Sophos licenses its threat and reputation information to several other UTM vendors. Sophos has stated that it intends to continue to do so, but competing UTM providers are unlikely to wish to continue their Sophos relationships in the long term.
Despite these concerns, Gartner believes that Sophos' channel partners and customers will find having complementary solutions from the same provider attractive when they wish to add to their incumbent Sophos or Astaro deployments. The larger combined entity and product portfolio will provide assurances for new customers — and present challenges for competitors.
Current and prospective Astaro customers: Consider this acquisition a positive development, because of Sophos' greater resources and channel support. But review Sophos' plans for non-UTM products from Astaro that you are using or evaluating.
Sophos customers evaluating UTM products: Include Astaro on your shortlists, but also consider leading alternatives.
Some documents may not be available as part of your current Gartner subscription.
"Magic Quadrant for Unified Threat Management" — Large enterprises and small or midsize businesses have significantly different network security requirements, and need to make their UMT buying decisions by mapping their threat and deployment patterns to the optimal offering. By John Pescatore and Bob Walder
"Magic Quadrant for Endpoint Protection Platforms" — Malware effectiveness continues to accelerate, but vendors in this market are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users. By Peter Firstbrook, John Girard and Neil MacDonald