[ISN] Symantec Buys Security Consulting Pioneer @stake

InfoSec News isn at c4i.org
Fri Sep 17 07:48:27 EDT 2004


http://www.eweek.com/article2/0,1759,1646978,00.asp

By Dennis Fisher 
September 16, 2004 

Updated: The company says it is acquiring @stake, one of the first 
digital security consulting firms in the industry, for an undisclosed 
sum. 

Symantec Corp. on Thursday announced that is acquiring @stake Inc., 
perhaps the most well-known security consulting firm in the industry, 
for an undisclosed sum. 

The purchase marks the end of an era for @stake, and in a sense, for 
the security industry at large. Among the first digital security 
consulting firms to pop up, @stake made its name by assembling an 
all-star roster of security talent and then turning the researchers 
and consultants loose on a wide variety of projects, both mainstream 
and arcane. The company got an early boost when it acquired the hacker 
collective known as L0pht Heavy Industries, a Boston-based group made 
up of some of the best-known security researchers in the world, 
including Peiter Zatko, known as Mudge, and Chris Wysopal, who went by 
the handle Weld Pond. 

Wysopal is still with @stake, as the company's director of research 
and development, but almost all of the other L0pht members have left. 
A Symantec spokesperson said Wysopal would be staying with Symantec as 
director of development. James Mobley, @stake CEO, will also stay with 
Symantec as vice president of global security consulting. The company 
hopes to keep as many of @stake's 115 employees as it can and will 
keep the Cambridge, Mass., office open for the time being. 

The L0pht collective began in 1992 in Boston's South End and many of 
its members had been active in the security scene for many years by 
the time @stake acquired the group in 2000. The presence of such 
high-profile researchers lent an aura of credibility and mystique to 
@stake in its early days, but as the members began leaving to start 
their own companies or to go into semi-retirement as Mudge did, the 
firm took on a more corporate character. 

Many of the company's former employees cited the more buttoned-down 
atmosphere and conflicting feelings about doing business with big 
software vendors such as Microsoft Corp. as their reasons for leaving. 
For a group best known for writing the L0phtcrack password-cracking 
tool and telling Congress that its members could take down the 
Internet within a few minutes, this was a major shift. 

"It was a little bit surprising that they were bought, but this is the 
way things are going. You still have some independent companies out 
there doing research, but the overall feeling is that most of the 
industry works for the bigger companies now," said Dave Aitel, CEO of 
Immunity Inc. in New York, and a former @stake consultant. 

"[@stake has] had a ton of turnover so the people who are there now 
aren't necessarily the top people. But I don't think it will be much 
of a change for them. It was never this welcoming little cocoon 
atmosphere that people thought it was. It's a consulting company. 
There's not much difference between consulting for @stake and 
Symantec - maybe better benefits." 

For Symantec, of Cupertino, Calif., the purchase of @stake gives the 
company access to a world-class research organization as well as a 
ready-made roster of high-end consulting clients. The company plans to 
integrate the @stake employees and offerings into its global services 
organization. 





More information about the ISN mailing list