Trustwave today announced the acquisition of Cenzic, Inc. The acquisition brings together Cenzic’s dynamic application security testing technologies with Trustwave’s cloud-based application, database and network penetration testing and scanning services. The combination will create one of the industry’s broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks.
Powered by its patented Hailstorm technology, Cenzic enables organizations to continuously assess cloud, mobile and web applications for vulnerabilities. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services that will help secure those applications throughout their lifecycle. Integration of Cenzic solutions with web application firewalls and security information and event management systems, including those from Trustwave, offers additional layers of protection.
“This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we’re seeing today,” said Robert McCullen, Chairman and Chief Executive Officer at Trustwave. “Cenzic’s highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave’s strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry—all delivered through the cloud.”
Testing today’s cloud, mobile and web applications requires a combination of static and dynamic application security testing techniques. “The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market,” wrote industry analysts in a recent report about application security testing.
Static application security testing (SAST) examines non-running applications by looking at source code or binaries – often before business-critical applications are launched. Dynamic application security testing (DAST) is focused on continuously probing running applications to look for vulnerabilities on an ongoing basis.
Businesses and governments increasingly rely on cloud, mobile and web applications to interact with customers, partners and suppliers, and those applications are constantly at risk from hackers who exploit security vulnerabilities. Cenzic research found that 96 percent of all applications tested in 2013 had one or more serious security vulnerabilities with a median of 14 per application.
Cenzic automates security testing across all applications types—cloud, mobile and web. Cenzic solutions scale from a single application to enterprise-level deployments, and its intelligent technology uses behavioral, stateful and learning algorithms to help ensure the highest accuracy for automated assessment of even the most complex applications.
Founded in 2000 and headquartered in Silicon Valley, Cenzic tests more than half a million online applications and helps secure trillions of dollars of commerce for Fortune 1000 companies, government agencies, universities and small and medium businesses.
Financial terms were not disclosed.