Web site assessment specialist Watchfire Corp. said Monday it was buying an American company focused on creating barriers between Web servers and hackers.
Watchfire, based in Ottawa, said it had purchased the intellectual
property and products of Santa Clara, Calif.-based Sanctum Inc. for an undisclosed sum. Watchfire will bring over 75 employees through the deal, which is expected to close by the end of next month.
Sanctum has evolved over its seven-year history from merely stopping hackers from getting through to enterprise Web servers to audit capabilities for developers. This is an area familiar to Watchfire, which has been in business for eight years making software to audit and assess Web sites for problems in compliance with rules about privacy, accessibility and other issues.
Michael Weider, Watchfire’s co-founder and chairman, said the company was attracted by Sanctum’s security expertise. The deal is an attempt to respond to the way customers are telling the firm they want to minimize risks to their Web infrastructure.
“”Instead of using five or six products to assess their Web sites for discrete issues, they want to consolidate that under one system that’s scanning the site for a whole host of problems,”” he said. “”It can give them in one dashboard or report a sense for, across the board, what their exposure is.””
Steve Poelking, a security analyst with Toronto-based research firm IDC Canada, said customers are searching for a balance between the desire for the best product and juggling more than one tool.
“”We tend to see best-of-breed dominating in security, mainly because a lot of these companies tend to specialize in certain areas,”” he said. “”But that doesn’t take away from the desire of a lot of end-users that they would want to simply their environment and the number of vendors they’re working with.””
Customers need to realign their Web site security, Weider said, first by providing their developers with tools to check applications as they’re creating them. After that, there’s a quality assurance cycle to assess Web sites for issues. Finally, users need to monitor live Web sites in production environments to give users a picture of their compliance.
“”What Watchfire brings is really the enterprise production scanning capability. Sanctum is strong on the developer and QA side,”” he said. “”We’ll be taking Watchire’s DNA and putting it in Sanctum’s products.””
The company will continue to offer Sanctum’s tools, which include WebXM, AppsScan and AppShield, as standalone products, Weider said. The firm will also offer integrated versions for customers that want to address a broader set of problems. A prototype of the integrated product has already been completed.
Sanctum’s competitors included Spy Dynamics and Fortify Software. Weider said Watchfire’s advantage will be a comprehensive product line that looks not only at security but also at privacy and other regulatory-specific issues.
Earlier this year, Watchfire added a service to assess financial Web sites for their effectiveness when it purchased GomexPro from Gomez Inc.