Fortinet acquires database vulnerability scanner from IPLocks

Fortinet said that IPLocks' vulnerability scanning technology will help it broaden its portfolio beyond application security.

Fortinet's acquisition of database security company IPLocks' vulnerability scanning technology is part of the company's strategy to expand its security product portfolio well beyond its core UTM/firewall business.

It will not surprise me to see other big companies move into this space—ones that make Fortinet look small.
Rich Mogull,
founderSecurosis

And, it's yet another indication of the more general market trend of larger security companies reaching into new areas, either through development or acquisition.

"Companies like Oracle are moving into this space; IBM, a little bit," said Rich Mogull, founder of Securosis and former Gartner analyst. "It will not surprise me to see other big companies move into this space—ones that make Fortinet look small."

The purchase was part of a complex deal in which IPLocks divested its U.S. holdings, centered around its database VA tool, while keeping its Japanese operation and database monitoring and auditing products. So, Fortinet acquired all the assets of IPArmor, and licensing rights to resell Audit Center and Audit Control outside Japan. The agreement also allows Fortinet to develop the auditing and monitoring code and then sell it as its own going forward. IPLocks' will be allowed to resell the VA scanner in Japan.

The deal is part of Fortinet's strategy to develop products in the application/database security market. The vendor won't go into details about its plans, but the opportunity to snap up the IPLocks assets was fortuitous.

"If the technology is in accordance with our strategy, and the opportunity works out, then we'll make an acquisition, "said Anthony James, vice president for products at Fortinet. "This just happened to be the right company, the right technology and the right timing. There was good synergy with what we wanted to do in the application space."

UTM, database security:
Verizon UTM service reflects telecom security push: As consumers demand more defenses within their IT infrastructure, telecom companies are pushing deeper into the security market. Verizon's new UTM service is an example.

New SQL injection technique threatens Oracle databases: A technique called lateral SQL injection exploits PL/SQL procedures to compromise Oracle databases remotely.

Guardians of the Crown Jewels: Database security products promise an extra measure of security for your most valuable assets. Are they worth the price?

Fortinet is keeping about 30 IPLocks employees, primarily in engineering and sales.

The marriage of database and application security, which Fortinet appears to be moving towards, makes a lot of sense from a data protection perspective. The application front-ends the database, the crown jewels. Success against either compromises the data. Securosis' Mogull calls the concept ADMP—application and database monitoring and protection.

"Combine a Web application firewall and other Web application monitoring capabilities with the database stuff," he said, "and you start getting a compelling solution to deal with things like SQL injection and other kind of attacks."

Imperva, for example, which competes in the database and application security market, is unique in offering both full Web application firewall and database monitoring and auditing products. But, said Mogull, most of their deployments are one or the other. That's because a combined solution is a tough sell into the enterprise, he said. You have to address disparate application, database and security groups, who don't necessarily talk to each other much.

"That's whole lot of people to get talking together and get a line on a single strategy," he said. "That's why a lot of companies haven't looked at this and why a lot of vendors haven't offered solutions."

Dig deeper on Database Security Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close