Trustwave buys application firewall vendor Breach Security

Trustwave continues to expand its security portfolio with the acquisition of Web application firewall vendor Breach Security.

The deal gives Trustwave not only Breach's commercial Web Defend firewall, but also its open source Web application firewall software ModSecurity.

Trustwave did not announce the price it paid for Breach.

The company says it plans to add WAF security to its array of application security services through its Spider Labs consulting, which also performs penetration testing, secure code review, security-focused software development training and incident response.

Breach's gear can be used to provide interim Web application security after vulnerabilities have been found in corporate Web apps and before they can be remediated via securing the code itself, Trustwave says. Web Defend will be offered as a separate product but also as the gear used in a managed WAF service, the company says.

Truswave is no stranger to acquisitions, having bought network-access control vendor Mirage Networks and data-loss prevention vendor Vericept in 2009 and encryption experts BitArmor earlier this year.

This disparate collection of expertise is due to a strategy that seeks out the most pressing security issues businesses face - based on Trustwave's interactions with customers -- and tries to fix them.