PatchLink merges with SecureWave

Scottsdale, Arizona-based PatchLink and Luxemburg-based SecureWave SA have agreed to an all-stock merger. The merger transaction is subject to the approval of SecureWave shareholders and is expected to be completed within a month or so. The merger of these two Common Criteria certified companies creates what the companies’ describe as the industry’s first comprehensive security platform for unified protection and control of all enterprise servers and endpoints. Note that this merger follows closely on the heels of PatchLink’s February 2007 acquisition of Melbourne, Florida-basedHarris STAT.

Companies in with a large mobile workforce would be interested in SecureWave’s leading product — SecureWave Sanctuary — which offers unified policy enforcement for centrally managing and monitoring devices and applications to protect against data leakage and malware threats. Sanctuary relies on a positive security model, allowing only authorized applications to run and only authorized devices to connect to laptops, PCs, servers, terminal services servers, and thin clients. PatchLink’s vulnerability management solutions complement Sanctuary well.

We made a reference to Common Criteria (CC) in the paragraph above, so here goes: CC is an international standard (ISO/IEC 15408) for computer security. It is different from, say, FIPS 140, in that Common Criteria does not provide a list of product security requirements or features which must be incorporated in products. Rather, it describes a framework in which computer system users can specify their security requirements, vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims.