Jon’s Network

UPDATE: More on the Patchlink name change here

Patchlink has announced that they will acquire SecureWave, which adds endpoint security to their recent acquisition of the vulnerability scanner STAT Guardian (now Patchlink Scan), and their existing prowess at automated patch management. Last Fall, I told Patchlink that Bit9 would be a good buy for them, mainly because I liked their software inventory and application control features. They practice what is known as the positive security model - allowing only known applications to run on a desktop. The approach promises to eliminate the need for malware signatures, because nothing will be able to run unless it is on the whitelist. Now, I have zero pull with Patchlink, but someone over there thought of the same strategy, but chose SecureWave instead. SecureWave offers the same type of technology as Bit9 (this might not be fair to either company, but it is basically true). I think it is a good move - a great move - but Patchlink might want to change their name now to brand their new direction and unique value proposition. I like SecureLink.

My question now is whether or not the market will adopt the positive security model as a replacement to signature-based defense or view it as an adjunct. In either case, AV companies will need to develop some technology to compete with Bit9 and SecureWave or buy someone like Bit9. SecureLink/Patchwave may want to add signatures to their product. This might make it easier to sell to customers stuck on the old paradigm. I think this is why eEye added signatures recently to their Blink endpoint security product.