In an effort to provide a complete set of data center security solutions across the cloud, online security provider Imperva has agreed to acquire cloud security gateway startup SkyFence as well as the remaining shares of cloud-based web application security provider Incapsula. Imperva expects the acquisitions of SkyFence and Incapsula to close in the first quarter of 2014.
“Our acquisition strategy for SkyFence and Incapsula are very similar. We seeded Incapsula four years ago because we recognized that cloud delivery would change the web application security landscape,” Imperva Asia Pacific and Japan VP Stree Naidu said in a statement. “In the case of SkyFence, we believe that Software as a Service delivery models for internally facing corporate applications will substantially change the landscape for data center security and compliance.”
SkyFence protects internal corporate applications (like employee and back office-oriented applications) that are moving to SaaS delivery models. Despite being internal, these applications allow access from the internet and potentially the same vulnerabilities as public-facing applications.
SkyFence’s solution provides real-time visibility and control over corporate SaaS applications, helping organizations enforce security policy, protect sensitive data, and comply with regulatory standards. It uses proprietary network traffic analysis and “dynamic user fingerprinting” to compare normal user behavior profiles with unusual activity that could signify outside cyber attacks and internal threats.
SkyFence’s central gateway gives organizations visibility into all of its cloud assets, and can be used to control over user access to sensitive data and API access. SkyFence also helps control “Shadow IT” – cloud applications that are used without corporate approval – by automatically detecting them and providing risk scores and usage metrics.
Imperva’s “agreement in principle” to buy the remaining stake in Incapsula will help Imperva deliver security for external-facing production applications like online banking, online gaming, and retail applications.
Incapsula’s application-aware “cloud delivery network” platform provides websites and web applications with best-of-breed security, DDoS protection, load balancing, and failover solutions, available as standalone services or as an integrated solution. Incapsula’s enterprise-grade, PCI-certified Web Application Firewall protects websites and applications from new and emerging threats, filtering them before they reach the customer’s network.
Incapsula’s application layer (Layer 7) load balancing and failover also balances traffic across multiple web servers directly from the cloud, allowing websites and applications to scale beyond the capacity of a single web server without requiring a local load balancing appliance or virtual appliance.
SecureSphere WAF for AWS
Imperva’s new “SecureSphere WAF for AWS” is a version of itsSecureSphere Web Application Firewall designed primarily for externally-facing production applications hosted on AWS public cloud instances. This lets customers replicate their existing on-premise security controls as they migrate to AWS, adding security, deep visibility and controls to this public cloud service.
SecureSphere WAF for AWS instances are created and moved along with the applications they protect – automatically moving across Availability Zones.
SecureSphere for AWS has been in limited availability since late 2013 and will be generally available in March 2014.
These acquisition and the release of SecureSphere WAF for AWS reflect Imperva’s belief that security solutions will become needed as both public and private cloud delivery models continue to grow.