The acquisition is a good fit. Trustwave intends to continue to develop and support the two Application Security products, DbProtect and AppDetectivePRO, and to integrate and use the products throughout its existing portfolio. It said in a statement that Application Security will bolster its own offerings in three areas: it will allow the company to secure data in more areas; it will improve its compliance management offerings; and it will allow it to mitigate more data centric vulnerabilities.
Securosis CTO Adrian Lane is more specific: the acquisition doesn't merely improve Trustwave's compliance offerings, it fills "a compliance gap." Trustwave, he suggested in a blog posting, "should have acquired this technology a while ago."
For Application Security he is quite succinct: "this deal is pretty straightforward, and it needed to happen." AppSec, he fears, while being an early leader in database security, has been falling behind. "AppSec’s DAM product (AppDetectivePRO) has not kept pace with customer demand in terms of performance, integration, ease-of-use, or out-of-the-box functionality... Today the platform has reasonable quality, but is not much more than an ‘also-ran’ in a very competitive field."
But with Trustwave's assurance that it will continue to develop and support the products, the additional resources could breathe new life into both of them.
For Trustwave, chairman and CEO Robert McCullen explained, “Attacks from cybercriminals, malicious insiders and other threats have increased the spotlight on the security of high-value data and the importance of protecting it no matter where it lives or where it’s going. Disparate products and manual tools and processes," he said, "just can’t keep up with the pace of today’s threats. By joining forces with Application Security, Trustwave can help customers strengthen security across their environment – from the network, applications, web, and down to the data itself – so they can more effectively fight cybercrime, protect data and reduce security risks.”
Trustwave has a history of acquiring other companies, having already bought Mirage Networks, Vericept, BitArmor Systems and Breach Security. Its most recent acquisitions have been M86 Security last year, and SecureConnect Inc earlier this year. Database security companies have an equal history of being acquired. For those keeping score, notes Lane, "AppSec is the 7th Database Activity Monitoring acquisition – after Lumigent (BeyondTrust), IPLocks (Fortinet), Guardium (IBM), Secerno (Oracle), Tizor (IBM via Netezza), and Sentrigo (McAfee); leaving Imperva and GreenSQL as the last independent DAM vendors."