Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/22/2010
05:52 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Trustwave Acquires Breach Security

Deal creates a single-source WAF and application penetration testing solution

CHICAGO (June 22, 2010) Trustwave, a leading provider of information security and compliance solutions, announces it has acquired Breach Security, a leading provider of web application firewall technology. The terms of the deal are confidential.

A web application firewall (also known as an application-layer firewall or WAF) is an appliance or software that provides protection for web applications (such as an e-commerce site) against attacks. In addition to continuing to offer and support one of the industrys leading enterprise-grade WAF technologies as a point solution, Trustwave will also integrate the WAF into its existing application security suite delivered through its SpiderLabs advanced security team to provide complete web application life cycle protection. Trustwaves SpiderLabs is a leading provider of application security programs, including penetration testing, secure code review, security-focused software development training and incident response.

When combined, WAF and application penetration testing more effectively protect applications from cybercriminals than each of the solutions deployed in a stand-alone manner. As noted in Trustwaves SpiderLabs 2010 Global Security Report, SQL injection a code injection technique that exploits a security vulnerability occurring in the database layer of an application is one of the top attack methods employed by hackers to gain unauthorized access to information. While application penetration testing and WAF technologies are both designed to thwart such attacks, implementing the two solutions together presents an entirely new challenge for cybercriminals. Hackers increasingly target insecure web applications as their point of entry into an organizations network, said Sanjay Mehta, CEO of Breach Security. Adding WAF to Trustwaves application security suite provides customers with an unrivaled defense-in-depth solution to secure applications throughout the software development lifecycle.

Breach Securitys WebDefend application firewall appliance, deployed by enterprises and small and mid-sized businesses, features inbound and outbound inspection of web traffic for sensitive data, such as credit card and Social Security numbers. This advanced web application firewall offers customized, behavior-based security, tuned for each protected application. WebDefend uses a patented profiling system and multiple, collaborative detection engines to ensure the flow of mission-critical traffic while supplying complete protection for applications to keep an organizations confidential information safe from targeted attacks and leaks. In addition, Breach Security has been the primary custodian of ModSecurity, the most widely deployed web application firewall in the world with more than 10,000 deployments. Trustwaves legacy of providing threat intelligence to the security community through SpiderLabs will be enhanced with our commitment to support ModSecurity and its diverse and widespread user base. Application penetration testing and web application firewalls also provide compliance with requirement 6.6 of the Payment Card Industry Data Security Standard (PCI DSS).

Trustwaves acquisition of Breach Security further strengthens their commitment to providing customers with a complete application security program, says Ed DeMeo, director distribution and information services at Uniek Inc., the largest designer and manufacturer of picture frames and home dcor accents for retailers in North America. Adding WAF to SpiderLabs real-time research is a powerful combination to help ensure web applications are always protected and sensitive data is secure.

This acquisition adds more truly innovative technology to Trustwaves product portfolio, significantly enhancing our ability to help our clients secure their information, said Robert J. McCullen, chairman and CEO of Trustwave. Combining an industry leading WAF solution with our SpiderLabs services should make our application security capabilities unmatched in the industry. About Trustwave Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with todays challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizationsranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailersmanage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10694
PUBLISHED: 2019-12-12
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1....
CVE-2019-10695
PUBLISHED: 2019-12-12
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user�s username and password were exposed in the job�s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the ...
CVE-2019-5085
PUBLISHED: 2019-12-12
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
CVE-2019-5090
PUBLISHED: 2019-12-12
An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulner...
CVE-2019-5091
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.