Czech infosec developer Grisoft, which increasingly brands itself AVG, is to announce the acquisition of web threat mitigation vendor Exploit Prevention Labs (XPL).
Roger Thompson, co-founder and CTO of Atlanta, Georgia-based XPL, said he created the company at the end of last year to address the emerging trend toward web-based threats, with exploits planting rootkits and compromising websites unbeknown to their legitimate owners.
Its LinkScanner product is a host-based offering that uses a mixture of signatures and heuristics on traffic streams to determine in real time whether a site is being used to mount an exploit and prevent the host from being compromised.
Thompson cited the case of a web site, K1-USA.net, a martial arts site that was compromised last year and was iframing out to an exploit site in Russia. We spotted it long before Google and warned them, he said. So they cleaned up their site, but by that time Google had blacklisted them, after which it took them ages to get off the blacklist, with serious consequences for their business.
He said services like Google or McAfee’s SiteAdvisor are too slow to spot something’s bad and then too slow to see that it’s been cleaned up, adding that the closest competitor to LinkScanner in terms of technological approach is an offering from Finjan.
JR Smith, CEO of Brno-based AVG, said the LinkScanner product, which may be re-branded under the AVG banner, will continue to be offered as a standalone, but will also become a module within his company’s Internet Security bundle, which in addition to the AV package also includes anti-spam, anti-spyware, and a firewall.
Both companies are privately held, so no financial information about the deal will be disclosed. AVG is just shy of 300 people while XPL has just 18, the intention being to retain that staff for ongoing development of the LinkScanner product.
Smith said that although it has VC backers including Intel Capital, AVG is already a self-supporting entity that can fund its acquisitions from revenue, so no additional funding will be required.
This is another case of an infosec vendor adding functionality through acquisition for a bundled offering. To date, AVG has remained true to its host-based roots, so it will be interesting to see whether, down the road, it decides to expand to a gateway offering and to add hardware for a U appliance.