News
3/18/2014
11:10 AM
50%
50%

TrustWave Acquires Application Scanning Vendor Cenzic

As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services

CHICAGO, IL--(Marketwired - Mar 18, 2014) - Trustwave today announced the acquisition of Cenzic, Inc. The acquisition brings together Cenzic's dynamic application security testing technologies with Trustwave's cloud-based application, database and network penetration testing and scanning services. The combination will create one of the industry's broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks.

Powered by its patented Hailstorm technology, Cenzic enables organizations to continuously assess cloud, mobile and web applications for vulnerabilities. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services that will help secure those applications throughout their lifecycle. Integration of Cenzic solutions with web application firewalls and security information and event management systems, including those from Trustwave, offers additional layers of protection.

"This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we're seeing today," said Robert McCullen, Chairman and Chief Executive Officer at Trustwave. "Cenzic's highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave's strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry -- all delivered through the cloud."

Testing today's cloud, mobile and web applications requires a combination of static and dynamic application security testing techniques. "The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market," wrote industry analysts in a recent report about application security testing.

Static application security testing (SAST) examines non-running applications by looking at source code or binaries -- often before business-critical applications are launched. Dynamic application security testing (DAST) is focused on continuously probing running applications to look for vulnerabilities on an ongoing basis.

Businesses and governments increasingly rely on cloud, mobile and web applications to interact with customers, partners and suppliers, and those applications are constantly at risk from hackers who exploit security vulnerabilities. Cenzic research found that 96% of all applications tested in 2013 had one or more serious security vulnerabilities with a median of 14 per application.

Cenzic automates security testing across all applications types -- cloud, mobile and web. Cenzic solutions scale from a single application to enterprise-level deployments, and its intelligent technology uses behavioral, stateful and learning algorithms to help ensure the highest accuracy for automated assessment of even the most complex applications.

Founded in 2000 and headquartered in Silicon Valley, Cenzic tests more than half a million online applications and helps secure trillions of dollars of commerce for Fortune 1000 companies, government agencies, universities and small and medium businesses.

Financial terms were not disclosed.

Additional Resources

Report: 2014 Security Pressures Report from Trustwave

Report: Cenzic Application Vulnerability Trends Report: 2014

Report: 2013 Trustwave Global Security Report

News: Trustwave Introduces On-Demand Penetration Testing (October 2013)

Video: Trustwave Managed Security Testing

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than two million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?