Lawsuit Determines Symantec and ISS Stole Patented Tech for IDSes
ISS’s RealSecure Intrusion Detection System and (I think) Manhunt from Symantec had incorporated anamoly detection capabilities into their software that was a patent infringement against SRI, a research group out of Stanford. The lawsuit has been going back and forth for years, but a jury finally made a determination and ISS and Symantec have to pay up. According to SRI, millions of bucks are at stake.
From Computerwire here:
IBM’s Atlanta-based Internet Security Systems unit and Symantec have lost a patent suit filed by SRI International, the research institute founded at Stanford University, which alleged the companies infringed its network surveillance patents.
California-based SRI filed the patent suit in the federal court in Delaware in 2004. The court ruled that the companies infringed two SRI patents. SRI has claimed the companies have made millions of dollars using its technology.
The patents in question are here and here. They deal with using statistical profiles to detect anamolies or suspicious activity on networks and the heirarchical listing of network events. ISS’s RealSecure uses such gadgetry, but the only IDS I can think of that Symantec would have used that did anything similar is the Manhunt product, which is end of life.
From the Manhunt Acquisition announcement here:
“We have developed next generation intrusion detection technology with protocol anomaly detection and behavioral flow techniques to detect, analyze and respond to attacks before they become a problem,” said Frank Huerta, Recourse president and chief executive officer. “We will be able to leverage Symantec’s global scale and brand strength necessary to take ManHunt to new heights in the market.”
It would be ironic if the lawsuit cost Symantec more money than they spent acquiring the Manhunt technology in the first place. Symantec paid $135 Million for Recourse, the maker of ManTrap, and it never really took off for them in sales. The Manhunt device was difficult to support, a pain to use, and development and updates languished. Finally, Symantec chucked the product in the trash. But the acquisition may come back to haunt them.
And this isn’t the first time Symantec was royally screwed by a bad acquisiton. When they bought Veritas, their stocks plummeted. Then they found out that Veritas owed a billion bucks in back taxes to the IRS.
I am not surprised.
The last time I sat in a room with Symantec people they were talking some very shady business about acquiring companies.
I take it you were still back at the University? Why would Symantec employees be running their mouths talking about acquisitons?
Yeah, they do gobble up quite a few companies, though its difficult to see what the strategy is behind that. For instance, you can see what McAffee is doing with their acquisitons, as each company fills a hole in their product offerings.
Symantec, not so much, and CA even worse.
They were trying to impress us with all of the services and products they offer besides just threat protection.
We were not impressed.
And, yah, CA doesn’t even enter the thought process. We knew better.