Report: Symantec looking to offload troubled certificate business
Symantec Corp. is reportedly contemplating selling its website certification business, according to a Reuters report, citing sources close to the matter.
The company is in talks with a few potential buyers and private equity firms, according to the report. Symantec declined to comment.
The move comes after some struggles with its certificate business. Earlier this year, Google said Symantec failed to properly validate at least 30,000 Secure Socket Layer (SSL) /Transport Security Layer (TLS) digital certificates over the last several years and that it planned to gradually remove trust in old Symantec SSL certificates and reduce the accepted validity period of newly issued Symantec certificates.
Being on Google’s naughty list is not good for any company. At the time of Google's report, engineers stated that they "no longer have confidence in the certificate issuance policies and practices of Symantec."
Google has worked to increase its policing of certificates used in its browser. Earlier this week, Google said it plans to fully distrust certificates issued by Chinese Certificate Authority WoSign starting with Chrome 61. Google accused WoSign of a number of violations.
For Symantec, Google downgrading trust in the company was a blight on its reputation, so offloading that business could potentially help Symantec move on. But the move could also be indicative of a broader shift for Symantec.
Large established security vendors — including Symantec, Cisco, IBM, Check Point and Intel — have a harder time competing against emerging vendors like Palo Alto Networks, Fortinet, Trend Micro, FireEye and Forcepoint, according to a Technology Business Research (TBR) report released in February. Symantec could therefore be looking to streamline its business and find a new niche where it can compete more effectively.