Trustwave Gains Cloud App Security Testing via Cenzic Acquisition

 
 
By Sean Michael Kerner  |  Posted 2014-03-18
 
 
 

Security vendor Trustwave is acquiring application security testing firm Cenzic in a deal announced today.

Financial terms of the purchase are not being publicly disclosed, and existing Cenzic staff will become Trustwave employees.

Cenzic's technology includes application security and testing capabilities for the cloud as well as desktop and mobile testing technologies.

Cenzic's technology is a good match for Trustwave, said Cas Purdy, vice president of corporate communications at Trustwave. "We believe Cenzic's security testing automation platform leads the industry in application security testing and will be a perfect part of the security testing services Trustwave delivers through the cloud and as managed services," Purdy told eWEEK.

The two companies have many of the same customers that use Cenzic's automated application security testing alongside the application, database and network security testing that Trustwave offers, Purdy said. "Now that the companies are one, those services and technologies will become more integrated," Purdy said.

Customers who use Cenzic alongside the Trustwave Web Application Firewall and Trustwave Security Information and Even Management (SIEM) technology will also benefit from enhanced integration that will offer additional automated security capabilities, Purdy said.

"We believe the combination will create one of the industry's broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks," Purdy said.

While Trustwave is planning to integrate the Cenzic technology, Purdy noted that Trustwave isn't announcing any branding changes for the existing Cenzic products. Cenzic's core platform technology is known as Hailstorm and will become part of the Trustwave's application, database and network security testing services portfolio.

The goal for Trustwave is to span the full spectrum of security testing requirements, including both static as well as dynamic analysis. Static application security testing (SAST) looks at application code in an effort to detect code vulnerabilities. In contrast, dynamic application security testing (DAST) looks at running applications to find vulnerabilities.

In addition to SAST and DAST, the new integrated Trustwave solution portfolio will offer deeper security analysis across applications, databases and networks, Purdy said.

Trustwave has a history of both building its own technology assets as well as gaining technology via acquisition. Back in 2009, Trustwave acquired Vericept for its data loss prevention (DLP) capabilities. In 2010, Trustwave added Web Application Firewall (WAF) capabilities to its product portfolio via the acquisition of Breach Security. In November 2013, Trustwave acquired database security vendor Application Security Inc.

"Over the years, we've developed our application, database and network security testing portfolio both in-house as well as through some acquisitions, and we will be bringing that together for our customers," Purdy said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Rocket Fuel