App Security Could Help Firewalls

Database encryption specialist Protegrity Corp.s acquisition of Kavado Inc. for an undisclosed sum last week has placed the application security space in the spotlight once again (see Protegrity Acquires Kavado and Security Approaches Day Zero). The upshot could be a fresh round of consolidation in the segment.

Kavado is one of a number of startups, including NetContinuum Inc., Teros Inc., and Imperva Inc., that specialize in protecting applications by checking TCP sessions before they reach the application.

This technique is important because many applications were written before current security threats emerged, making them particularly vulnerable to attack from hackers. In a worst-case scenario, weak spots could open firms up to identity theft or the loss of complete datasets. “The hackers’ skills have improved,” admits Peter Abrams, vice president of marketing at NetContinuum. “It’s like warfare.”

Firms differ in how they check TCP. Whereas NetContinuum, Teros, and Imperva offer specialist security hardware, Kavado takes a software-based approach. Additionally, Imperva focuses heavily on database security (see Imperva Validated ).

The specialty all these vendors share, though, could draw interest from potential acquirers. Andrew Jacquith, senior analyst at The Yankee Group feels that these startups could make prime fodder for some of the industry's big-name firewall vendors such as Cisco Systems Inc. (Nasdaq: CSCO), Check Point Software Technologies Ltd. (Nasdaq: CHKP), and Juniper Networks Inc. (Nasdaq: JNPR).”It’s certainly true that the firewall vendors have not had the pure-play DNA for application security,” Jacquith says. “I think that the firewall vendors, with the right assets, or partners, could do a decent job here.”

There has already been some activity in this space, with F5 Networks Inc. (Nasdaq: FFIV) recently snapping up the assets and intellectual property of Watchfire Corp.’s AppShield Web application security firewall. This followed last year’s acquisition of another application security specialist, MagniFire Websystems (see F5 Acquires MagniFire).

Not everyone sees imminent M&A. Pete Lindstrom, an analyst at Spire Security, is not so convinced that we’re likely to see a frenzy of activity around application security. “In my view, the Protegrity/Kavado play seems more of a play against the success of [database encryption specialist] Ingrian Networks," he says.

Ingrian, which offers a range of hardware for protecting databases, appears to be winning customers (see Security Startup Spawns New Hardware). As well as launching a slew of new products, the company also clinched $15.4 million in funding earlier this year (see Ingrian Nets $15.4M Round D).

Big firewall vendors also may not need the app security startups. Jacquith admits that the big names are not exactly starting from scratch. “There are certain types of Web application attack that they can automate well enough,” he says. “For example, buffer overflows in Web format.”The startups themselves are reticent about their acquisition potential. Teros's director of product marketing, John Jeffries, admits that the vendor has received some overtures. “We have had some people flirting with us in the past, but as a company we’re focusing on getting to profitability.” He won't give names.

NetContinuum's Abrams refused to comment on the issue of possible acquisitions, and Shlomo Kramer, Imperva’s CEO, tells NDCF only that the startup is focused on building up its own business.

Protegrity CEO Gordeon Rapkin, says the Kavado deal was more about extending the company’s reach. “Our goal is to give a company a true data security management environment, and to do that we have to go beyond the database,” he says.

— James Rogers, Site Editor, Next-Gen Data Center Forum