Making its announcement on Tuesday, Trustwave said it will be harnessing Cenzic’s Hailstorm technology to continuously check cloud, mobile, and web applications for vulnerabilities. Based in California, Cenzic’s solutions can work for single applications, but they also scale up to enterprise deployments, using algorithms to automatically assess these applications.
While Trustwave already offers penetration testing for cloud-based applications, databases, networks, and scanning services, the plan is to leverage Cenzic’s technology to offer both static and dynamic security testing as subscription-based services. Integrating Cenzic with Trustwave’s web application firewalls, security information, and event management systems will also give customers more protection.
Static testing involves examining non-running applications by looking at their source codes, often before the application has been launched, while dynamic testing means continuously testing applications for vulnerabilities, even while they’re running.
“This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we’re seeing today,” said Robert McCullen, Trustwave’s CEO, in a statement.
“Cenzic’s highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave’s strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry—all delivered through the cloud.”
Adding Cenzic’s technology to its toolkit also allows Trustwave to reach out more to enterprise organizations, offering them more frequent security testing for a bigger group of applications. Plus, it allows Trustwave to bundle its services through the cloud as managed services.
Headquartered in Chicago, Ill., Trustwave provides protection to more than two million businesses in its Trustwave TrustKeeper cloud platform, where it gives them automated data protection, risk management, and intelligence on incoming threats.