Watchfire Corp., a Waltham, Mass.-based vendor of online privacy and compliance management technologies, last week acquired Web application security vendor Sanctum Inc. for an undisclosed sum (see story). The purchase of San Jose-based Sanctum will allow Watchfire to sell a broad range of tools to help companies monitor, measure, manage and secure Web applications more efficiently than is possible now, says Michael Weider, founder, chairman and CTO of Watchfire.
What drove your purchase of Sanctum? Application security is becoming an important part of a company's Web site compliance initiatives. Companies that have thousands of applications on an enterprisewide basis have no easy way of knowing if they are meeting standards for application security. Present tools don't give them the visibility to do this. Our customers have been asking us for a tool that will give them an overall view of their Web application security.
How will your purchase of Sanctum help address this? What we have seen is that enterprises need three levels of protection [at the application layer]. You want to give developers tools to test applications for security. You want to arm [quality assurance] to evaluate applications before they are published on the Web site. And the last is an enterprisewide scanning [capability] to see how well you are doing. That third line of defense is where our strength is. What we will do is to combine that with Sanctum's application security tools to create a total life-cycle management capability for Web applications.
What value will you add to what Sanctum is already selling in this market? What most organizations have been doing is arming developers with tools [such as Sanctum's] to test Web applications for security before publishing them. The limitation is that the CIO or the CISO or whoever is in charge of compliance has no visibility with how the whole enterprise is doing. Watchfire will provide that enterprise view. It will allow [companies] to know how they are doing and present that information on a dashboard. Combining Sanctum's application security scanning with our enterprisewide Web scanner will allow us to bring a new solution to market.
Watchfire CTO and chairman Michael Weider
What is the overall size of the application security market? It is somewhere around a $500 million market today. If you look at some of the new security issues and where most of the vulnerabilities are happening today, it is all at the application layer. Enterprises have invested many years in building up their perimeter defenses, and their knowledge and expertise in those areas are good. But application security is a nascent area. None of the traditional defenses protect you against threats at the application layer.