Open-source firewall company ModSecurity gets acquired
Breach Security Inc. will acquire Thinking Stone Ltd., which develops and provides support for an open-source Web application firewall called ModSecurity, the companies announced Monday.
Thinking Stone, based in London, is run by Ivan Ristic, the primary developer of ModSecurity. Ristic will become chief evangelist for Breach while continuing to work on ModSecurity. Financial terms of the deal were not released.
"It has been clear to me for some time now that I've done all I could working on ModSecurity on my own," Ristic wrote in his blog. "The limited resources available to me have become the main bottleneck."
Web application firewalls lock down Web application servers, which can be used to run e-commerce sites that handle credit card and customer information, making them fertile targets for hackers.
ModSecurity monitors and logs HTTP (HyperText Transfer Protocol) traffic in real time going to Web applications. It also monitors networks for unusual behavior and common attacks on Web applications.
ModSecurity is strong on its technical merits but weak on its user interface, wrote Michael Gavin of Forrester Research Inc. in a June 2006 report. But the open-source project has built a strong user community, and more than 10,000 modules are in use in production environments, he wrote.
Breach Security was one of ModSecurity's competitors. Other rivals include market leader NetContinuum Inc., Citrix Systems Inc., Imperva Inc. and F5 Networks Inc., Gavin wrote.
Thinking Stone offers a free version of ModSecurity and licenses versions with more advanced features, as well as offering customer support services.
Breach Security plans to release several products based on ModSecurity over the next few weeks. They will include an upgrade to ModSecurity 2.0, a Web-based console to monitor the application's sensors, and a Web application security hardware appliance.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
