RealTime IT News

Cenzic Takes Competitor Pieces

What are you supposed to do when your competitors are bought? If you're Cenzic, you take a piece of each for yourself.

The application security vendor has watched its key competitors get absorbed by a pair of the biggest names in IT. IBM took Watchfire and HP bought out SPI Dynamics.

Now Cenzic is integrating both Watchfire and SPI Dynamics data in Cenzic Hailstorm Enterprise 5.0, which the company announced today.

"What we're doing in 5.0 is integrating with all the different solutions that exist into a centralized dashboard," Cenzic CEO John Weinschenk told internetnews.com.

"We've developed a product that will take input data from both the source code scanning products as well as SPI Dynamics and Watchfire to give users an über dashboard. We now have the ability to test applications and be able to provide imported results from other solutions, as well as our own in a continuous Web-based environment."

Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 also includes seamless integration with Fortify's Source Code Analyzer. Additionally, Cenzic has a managed service called ClickToSecure ARC, which offers functionality similar to Hailstorm's.

The Cenzic solutions provide application vulnerability visibility through the entire software development lifecycle. The range of applications that Cenzic can analyze is broad and isn't limited to any one type of framework or specific server technology.

"We don't care. As long as it [the application] has a URL and we can get to it from a Web browser we can attack it," Weinschenk said.

Though there are always trends to be noted in application vulnerability, Weinschenk wasn't keen to point out any one particular attack vector or vulnerability in applications as being a key trend. He said there is too much hype about the top-five things people should test for. Those top five might only represent 70 percent of all vulnerabilities.

"The problem is the 30 percent that you're not testing that could be serious," Weinschenk said.

The integration with solutions from Watchfire and SPI Dynamics enables Cenzic users to import results, which is something that Weinschenk noted was a key request from customers. He explained that Cenzic has some large companies that use its solutions, and those companies always use more than one solution so that they can audit results.

Being able to import results into one dashboard simplifies auditing and vulnerability assessment.

The integration also comes at a key time, with the acquisitions of Watchfire and SPI Dynamics. Weinschenk argued that Watchfire and SPI customers will get hurt until IBM and HP figure out the integration.

"It's good timing for us since now that we have integration, you can import results and you don't lose anything," Weinschenk said.

So with Cenzic's two closest competitors being bought out, when will Cenzic go? Weinschenk would only say that he'll do what's right for shareholders.

"I do think there is a bigger play in app security than tying into quality assurance solutions," Weinschenk added.

"There is a huge play in app security for all of the security companies to be able to provide a management of all app security as part of their offering as opposed to tying into an IBM Rational or HP's Mercury Interactive, which is what's taking place with SPI and Watchfire."