News
3/18/2014
11:10 AM
Connect Directly
RSS
E-Mail
50%
50%

TrustWave Acquires Application Scanning Vendor Cenzic

As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services

CHICAGO, IL--(Marketwired - Mar 18, 2014) - Trustwave today announced the acquisition of Cenzic, Inc. The acquisition brings together Cenzic's dynamic application security testing technologies with Trustwave's cloud-based application, database and network penetration testing and scanning services. The combination will create one of the industry's broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks.

Powered by its patented Hailstorm technology, Cenzic enables organizations to continuously assess cloud, mobile and web applications for vulnerabilities. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services that will help secure those applications throughout their lifecycle. Integration of Cenzic solutions with web application firewalls and security information and event management systems, including those from Trustwave, offers additional layers of protection.

"This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we're seeing today," said Robert McCullen, Chairman and Chief Executive Officer at Trustwave. "Cenzic's highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave's strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry -- all delivered through the cloud."

Testing today's cloud, mobile and web applications requires a combination of static and dynamic application security testing techniques. "The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market," wrote industry analysts in a recent report about application security testing.

Static application security testing (SAST) examines non-running applications by looking at source code or binaries -- often before business-critical applications are launched. Dynamic application security testing (DAST) is focused on continuously probing running applications to look for vulnerabilities on an ongoing basis.

Businesses and governments increasingly rely on cloud, mobile and web applications to interact with customers, partners and suppliers, and those applications are constantly at risk from hackers who exploit security vulnerabilities. Cenzic research found that 96% of all applications tested in 2013 had one or more serious security vulnerabilities with a median of 14 per application.

Cenzic automates security testing across all applications types -- cloud, mobile and web. Cenzic solutions scale from a single application to enterprise-level deployments, and its intelligent technology uses behavioral, stateful and learning algorithms to help ensure the highest accuracy for automated assessment of even the most complex applications.

Founded in 2000 and headquartered in Silicon Valley, Cenzic tests more than half a million online applications and helps secure trillions of dollars of commerce for Fortune 1000 companies, government agencies, universities and small and medium businesses.

Financial terms were not disclosed.

Additional Resources

Report: 2014 Security Pressures Report from Trustwave

Report: Cenzic Application Vulnerability Trends Report: 2014

Report: 2013 Trustwave Global Security Report

News: Trustwave Introduces On-Demand Penetration Testing (October 2013)

Video: Trustwave Managed Security Testing

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than two million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.