Symantec To Acquire SecurityFocus

Offers Most Complete Security Early Warning System Available

CUPERTINO, Calif. – July 17, 2002 – Symantec Corp. (Nasdaq: SYMC) today announced the acquisition of SecurityFocus for approximately US$75 million in cash. With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats. The transaction is expected to close by early to mid-August 2002.

“SecurityFocus has established the most respected security community and developed one of the leading early warning systems for customers around the world,” said John W. Thompson, Symantec chairman and chief executive officer. “This acquisition will broaden Symantec’s leadership in Internet security response with the addition of the world’s first global threat management system, the most complete vulnerability database and customizable alert services.”

“We have developed our global threat management systems to provide customers with timely and actionable information relevant to their individual networks,” said Arthur Wong, SecurityFocus co-founder and chief executive officer. “Combined with Symantec’s world-class antivirus expertise, industry-leading intrusion detection solutions and back-end infrastructure, we can rapidly deploy the most comprehensive threat management solutions to our global customers worldwide.”

SecurityFocus has developed the world’s most comprehensive and up-to-date database of vulnerabilities available. Symantec will continue to license the Vulnerability Database to security product vendors, managed service providers and other organizations that use it to create powerful new security products and services for their customers.

In addition, Symantec will continue to manage the Bugtraq mailing list and the online security community under the SecurityFocus brand. It will continue to offer a forum for objective reporting by security experts on the latest IT threats and attacks as well as how to prevent security breaches.

Symantec will also leverage the DeepSight line of global threat management solutions. The DeepSight Threat Management System provides early warning of attacks along with specific threat and patch information allowing companies to proactively protect their networks. More than 15,000 partners in more than 175 countries are registered to automatically provide a constant stream of security data that is correlated and analyzed to identify active attacks.

DeepSight Analyzer gives IT professionals the ability to track and manage incidents on their own networks by automatically correlating attacks from a multitude of intrusion detection solutions. The product manages threats by comparing incidents on their network against the Vulnerability Database, tracking attacks to resolution and generating statistical incident reports. Using information about suspicious network traffic and intrusions submitted by anonymous users, SecurityFocus identifies patterns in attacks that help serve as a threat-gauging system for the Internet community.

By monitoring almost 11,000 distinct versions of more than 2,700 products from 1,300 vendors, SecurityFocus provides proactive, customized alert services for environment-specific vulnerabilities and malicious code alerts. DeepSight Alert Services can be configured to ensure that customers receive only alerts that are relevant to their networks, enabling them to deploy patches or work-arounds before vulnerabilities can be exploited.

Conference Call

Symantec has scheduled a conference call for 5 p.m. EDT today to discuss fiscal first quarter results and the acquisition. Interested parties may access the conference call on the Internet at To listen to the live call, please go to the Web site at least 15 minutes early to register, download and install any necessary audio software. In addition, conference call numbers are available. The listen-only number for domestic callers is 1-800-967-7184, while international listeners can dial 719-457-2633. A replay of the call will be available on the Internet at until Aug. 14, 2002.

About Security Focus

SecurityFocus is a leading provider of enterprise security threat management systems. SecurityFocus provides global early warning of cyber attacks, customized and comprehensive threat alerts, and countermeasures to prevent attacks before they occur. As a result, SecurityFocus customers can mitigate risk, manage threats and ensure business continuity. The company also licenses the world’s largest, most complete vulnerability database, hosts the most popular security community, Bugtraq, and publishes original security content on its web site at SecurityFocus, headquartered in San Mateo, Calif., is a privately held company backed by leading investors including ArrowPath Venture Capital (formerly E*TRADE Venture Capital) and Mobius Venture Capital (formerly SOFTBANK Venture Capital).

About Symantec

Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec’s Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit

Don't miss