Earlier this month McAfee completed its acquisition of Foundstone. Previously I reported that several early refugees from Foundstone, led by Kevin Mandia, founded Red Cliff Consulting. Now a faction led by another former Foundstone director, Clinton Mugge, has created C-Level Security. Whereas Red Cliff focuses on computer forensics and incident response, C-Level concentrates on prevention-oriented services like vulnerability assessments and network architecture. C-Level's first press release emphasizes its independent nature, according to founder Mugge:
"Problems are solved by selecting and deploying the best products and solutions in an unbiased manner, something a product-centric vendor is just not focused on delivering. C-Level Security's clients are provided the knowledge and understanding to make strategic decisions in security roadmap planning and spending without the push toward a single vendor product line."
These departures are a good example why a company based on providing services sells for less than one selling a product. Less than one month since the acquisition of Foundstone, two groups who formerly provided substantial intellectual firepower have left McAfee for greener pastures. Until software grows its own legs, it will be difficult for it to walk out the door when acquired by a bigger company.
According to its Web site, C-Level has partnered with Red Cliff for services (no doubt IR and forensics) and with NT Objectives for technology. That is the same NTO against which Foundstone filed a restraining order two years ago for trying to release a product suspiciously similar to FoundScan. A recent Red Herring story reports
"Software company NT Objectives, based in Orange County, California, is just coming out from under trade-secret litigation from security consulting firm Foundstone, and has secured less than $1 million in funding... the company searched for funding, did not get it, and has since stopped looking and is getting by on product sales."