Citrix, of Fort Lauderdale, Fla., plans to use Teros Web application security technology along with application delivery software it acquired with NetScaler in June.
The acquisition is part of a drive by Citrix to diversify beyond the companys traditional strength in application virtualization technology. However, some industry experts wonder whether Citrix will be able to compete against giants like Cisco Systems Inc. and others in the growing market for technology to enable and secure Web applications.
Teros, of Sunnyvale, Calif., was a leader in the niche market for Web application firewalls, which monitor traffic to and from Web servers and allow organizations to block attacks that slip by traditional network firewall and intrusion detection technology. Along with companies like Imperva Inc. and NetContinuum Inc., Teros sold products that can spot attacks or policy violations in HTML, XML (Extensible Markup Language) and other Web traffic.
Enterprise demand for products to secure Web applications has been growing as companies move critical business applications to the Web, but many of the Web application firewall startups struggled to define their products and focus their technology on critical security threats, such as common Web-based attacks and insider threats, in the nascent market, said Rob Whitely, an analyst at Forrester.
Citrix will sell Teros technology as the Citrix Application Firewall in the short term. In 2006, Citrix will port the Teros technology to its NetScaler product as an add-on feature, said Wes Wasson, Citrix vice president of application networking.
Companies are beginning to see security as one service of application delivery technology, rather than something that requires a standalone device like the Teros Web application firewall, said Wasson.
"A Web application firewall has to do 80 percent of the heavy lifting as the core NetScaler system. Application security needs to be thought of alongside application policy, load balancing, caching and compression," he said.
In fact, Citrix was almost bound to buy Web application security technology—or develop it on its own—once the company made the investment in NetScaler, said John Pescatore, of Gartner Inc.
Citrix must now compete against companies like F5 and Cisco, both of which invested in application optimization and security technology (F5 buying Magnifire Websystems Inc. in June 2004, and Cisco buying FineGround Networks in May 2005) that had security features built-in, Pescatore said.
With both the NetScaler and Teros technology, Citrix will be able to offer its customers technology to make Web-based applications faster and more secure, in the same way that the companys virtualization did for client-server technology, Wasson said.
"Citrix has 160,000 customers, which is a very impressive install base. But the…applications were in front of are limited to client-server applications," Wasson said. "As the profile moves toward browser-based deployment, we need to be able to go in front of our customers with solutions for all their applications."
Diversification is key if Citrix hopes to hold on to all those customers, Whitely agreed.
Together with NetScaler, Teros will give the company an attractive set of features to sell into that huge customer base, Whitely said.
However, the company will need to keep talent from NetScaler and Teros on the payroll so that the company can continue to develop products and services that meet fast-changing demands, he said.
"Citrix has always been known as a company thats a mile wide, but an inch deep," Whitely said. "With Teros, maybe now theyre a mile wide, and half a mile deep," he said.