News
3/18/2014
11:10 AM
Connect Directly
RSS
E-Mail
50%
50%

TrustWave Acquires Application Scanning Vendor Cenzic

As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services

CHICAGO, IL--(Marketwired - Mar 18, 2014) - Trustwave today announced the acquisition of Cenzic, Inc. The acquisition brings together Cenzic's dynamic application security testing technologies with Trustwave's cloud-based application, database and network penetration testing and scanning services. The combination will create one of the industry's broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks.

Powered by its patented Hailstorm technology, Cenzic enables organizations to continuously assess cloud, mobile and web applications for vulnerabilities. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services that will help secure those applications throughout their lifecycle. Integration of Cenzic solutions with web application firewalls and security information and event management systems, including those from Trustwave, offers additional layers of protection.

"This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we're seeing today," said Robert McCullen, Chairman and Chief Executive Officer at Trustwave. "Cenzic's highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave's strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry -- all delivered through the cloud."

Testing today's cloud, mobile and web applications requires a combination of static and dynamic application security testing techniques. "The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market," wrote industry analysts in a recent report about application security testing.

Static application security testing (SAST) examines non-running applications by looking at source code or binaries -- often before business-critical applications are launched. Dynamic application security testing (DAST) is focused on continuously probing running applications to look for vulnerabilities on an ongoing basis.

Businesses and governments increasingly rely on cloud, mobile and web applications to interact with customers, partners and suppliers, and those applications are constantly at risk from hackers who exploit security vulnerabilities. Cenzic research found that 96% of all applications tested in 2013 had one or more serious security vulnerabilities with a median of 14 per application.

Cenzic automates security testing across all applications types -- cloud, mobile and web. Cenzic solutions scale from a single application to enterprise-level deployments, and its intelligent technology uses behavioral, stateful and learning algorithms to help ensure the highest accuracy for automated assessment of even the most complex applications.

Founded in 2000 and headquartered in Silicon Valley, Cenzic tests more than half a million online applications and helps secure trillions of dollars of commerce for Fortune 1000 companies, government agencies, universities and small and medium businesses.

Financial terms were not disclosed.

Additional Resources

Report: 2014 Security Pressures Report from Trustwave

Report: Cenzic Application Vulnerability Trends Report: 2014

Report: 2013 Trustwave Global Security Report

News: Trustwave Introduces On-Demand Penetration Testing (October 2013)

Video: Trustwave Managed Security Testing

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than two million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.