[ISN] Symantec Buys Security Consulting Pioneer @stake
isn at c4i.org
Fri Sep 17 07:48:27 EDT 2004
By Dennis Fisher
September 16, 2004
Updated: The company says it is acquiring @stake, one of the first
digital security consulting firms in the industry, for an undisclosed
Symantec Corp. on Thursday announced that is acquiring @stake Inc.,
perhaps the most well-known security consulting firm in the industry,
for an undisclosed sum.
The purchase marks the end of an era for @stake, and in a sense, for
the security industry at large. Among the first digital security
consulting firms to pop up, @stake made its name by assembling an
all-star roster of security talent and then turning the researchers
and consultants loose on a wide variety of projects, both mainstream
and arcane. The company got an early boost when it acquired the hacker
collective known as L0pht Heavy Industries, a Boston-based group made
up of some of the best-known security researchers in the world,
including Peiter Zatko, known as Mudge, and Chris Wysopal, who went by
the handle Weld Pond.
Wysopal is still with @stake, as the company's director of research
and development, but almost all of the other L0pht members have left.
A Symantec spokesperson said Wysopal would be staying with Symantec as
director of development. James Mobley, @stake CEO, will also stay with
Symantec as vice president of global security consulting. The company
hopes to keep as many of @stake's 115 employees as it can and will
keep the Cambridge, Mass., office open for the time being.
The L0pht collective began in 1992 in Boston's South End and many of
its members had been active in the security scene for many years by
the time @stake acquired the group in 2000. The presence of such
high-profile researchers lent an aura of credibility and mystique to
@stake in its early days, but as the members began leaving to start
their own companies or to go into semi-retirement as Mudge did, the
firm took on a more corporate character.
Many of the company's former employees cited the more buttoned-down
atmosphere and conflicting feelings about doing business with big
software vendors such as Microsoft Corp. as their reasons for leaving.
For a group best known for writing the L0phtcrack password-cracking
tool and telling Congress that its members could take down the
Internet within a few minutes, this was a major shift.
"It was a little bit surprising that they were bought, but this is the
way things are going. You still have some independent companies out
there doing research, but the overall feeling is that most of the
industry works for the bigger companies now," said Dave Aitel, CEO of
Immunity Inc. in New York, and a former @stake consultant.
"[@stake has] had a ton of turnover so the people who are there now
aren't necessarily the top people. But I don't think it will be much
of a change for them. It was never this welcoming little cocoon
atmosphere that people thought it was. It's a consulting company.
There's not much difference between consulting for @stake and
Symantec - maybe better benefits."
For Symantec, of Cupertino, Calif., the purchase of @stake gives the
company access to a world-class research organization as well as a
ready-made roster of high-end consulting clients. The company plans to
integrate the @stake employees and offerings into its global services
More information about the ISN