Trustwave Acquires Database Security Firm To Bolster Services


Trustwave is acquiring data security provider Application Security, Inc. in a deal the company said would give a lift to its compliance and security services with database scanning and testing capabilities.

Terms of the acquisition were not disclosed. Application Security is based in New York and focuses on security software for relational databases and big data stores.

Chicago-based Trustwave said it would add the database security vendor's technologies to its existing managed security services, bolstering its compliance auditing and assessment services. The company will also add the capabilities to its penetration testing and vulnerability management services.

[Related: Are Managed Services The Best Way To Deliver Security?]

Application Security mainly sold an automated database security scanner. The company's two products, DBProtect and AppDetectivePRO, are designed to uncover configuration errors, access control issues and vulnerabilities that should have been patched. Configuration errors are often at the root of data breaches, say security experts. Application Security said it reduces the risk of data leakage by reducing errors attackers can use to gain access to sensitive files or conduct a denial-of-service attack to cripple or bring down a database management system.

Trustwave has been bolstering its product portfolio through acquisition, say solution providers who have been watching the company grow rapidly in recent years. Trustwave unveiled a formal channel program last year, following its acquisition of M86 Security, which added Web security gateway appliance technology to its portfolio. The company continues to bolster its managed security services and compliance business with various security technologies that address vulnerability and risk management assessments, said Pete Lindstrom, principal analyst at Spire Security.

Channel providers could look closely at existing Application Security customers for potential opportunities, Lindstrom said, because existing customers may look elsewhere for new database security capabilities. Trustwave doesn't appear to do any heavy integration or development on existing technologies in its portfolio, Lindstrom said.

"[Trustwave has] purchased a number of companies that seem to be one-off purchases, and we've never really seen any real integration into an overall platform," Lindstrom said. "They seem to be building out a portfolio of security products that generate a customer base and cash flow, but it is not clear that there is any significant innovation or product development coming from them."

Trustwave has its roots in compliance, providing merchants with assessments to meet the Payment Card Industry Data Security Standards (PCI-DSS). The company markets a cloud compliance and information security platform. The company also audits for SOX and healthcare regulatory requirements. Trustwave's partner program has Platinum, Gold, and Silver levels, with benefits and requirements scaling based on revenues, training and certification. A referral program for partners also pays out for those that register a referral.

Application Security marks the company's latest acquisition, but Trustwave acquired a number of other security technologies, including those from Breach Security, a maker of a Web application firewall and Vericept Corp., which makes data loss prevention software. In April, Trustwave acquired SecureConnect, an Eden Prairie, Minn.-based managed security services provider.

PUBLISHED NOV. 11, 2013