Trustwave back buying, snares Breach for WAFs

Information security and compliance provider Trustwave continued its steady stream of acquisitions with the purchase Tuesday of Breach Security, maker of web application firewalls (WAFs).

Under the deal, terms of which were not disclosed, Trustwave will offer Breach's technology as both a point solution and as part of an integrated suite of web application security offerings, which already includes penetration testing, source code review, software development training and incident response.

"Hackers increasingly target insecure web applications as their point of entry into an organization's network," Sanjay Mehta, CEO of Carlsbad, Calif.-based Breach Security, said in a statement.

Web applications consistently rate near the top of attack vectors. A recent IBM X-Force report concluded that SQL injections substantially increased last year, as attackers leveraged automated tools to discover and infect vulnerable websites.

WAFs, which sit between the client and the web server, enable organizations to inspect inbound and outbound traffic. They also can be used to fulfill compliance with section 6.6 of the Payment Card Industry Data Security Standard.

Tuesday's acquisition announcement is just the latest for Chicago-based Trustwave. In January, the company bought data encryption vendor BitArmor. Last September, it acquired data leakage firm Vericept, and seven months earlier, it picked up network access control provider Mirage Networks. In October 2008, Trustwave acquired ControlPath, maker of governance, risk and compliance solutions.