Posted by: David Schneier
Application Security, Security Vendor News
One of the side benefits of covering shows like the Gartner IT Security Summit, RSA, Black Hat and others is that it gives us a chance to catch up with some of our sources whom we only see a few times a year. And it also is a great opportunity to get the latest industry rumors and gossip. We are in D.C., after all, a city in which gossiping is a full-time job. On that front, the major theme so far this week has been speculation about which application security vendors will be the next to be acquired. A few people in the know seem to think that the database security sector might be ripe for some consolidation, considering that there are a number of small-ish vendors–Guardium, Tizor, Lumigent, et al.–jockeying for pieces of a niche market that already has a pretty big leader in Application Security.
Along those lines, one of the Gartner analysts said yesterday that he thinks most of the Web application security vendors will be gone in a few years because that functionality will be subsumed by larger offerings. It’s hard to see that happening. Take the example of Sanctum, one of the pioneers of that market. Watchfire bought the company several years ago, but has continued to sell Sanctum’s products as standalone offerings. That’s a pretty specialized market, and it also has the effect of creating the need for other security products and personnel who can fix the problems the scanners find. I’d bet they’ll be around for a while yet.