Breach acquires ModSecurity open source vendor Thinking Stone

Breach Security acquired Thinking Stone, the leading provider of services and enhancements for the ModSecurity web application firewall. The combined entity brings together the most widely deployed web application firewall and the best threat detection technology available in the market. Breach Security will continue to contribute to the open source community with new releases of ModSecurity as well as incorporate ModSecurity technology into its suite of web application security solutions.

“The world’s most privileged information is increasingly accessible through web-based applications, shielding sensitive data is a strategic move,” said Jeremiah Grossman, founder and chief technology officer of WhiteHat Security. “The acquisition announcement is exciting for the community; ModSecurity will have the resources necessary to attract a wider enterprise audience.”

ModSecurity is the most widely deployed web application firewall in the world with more than 10,000 deployments. It began as an open source project written by Ivan Ristic, a world-recognized authority in Apache Security, who will join Breach Security as a Senior Executive. ModSecurity was recently recognized by Forrester Research as the world’s most widely deployed web application firewall in the same report that stated Breach Security’s WebDefendâ„? has the best attack detection capabilities of the vendors evaluated in The Forrester Waveâ„?: Web Applications Firewalls, Q2 2006, Forrester Research, Inc., June 2006 report.

“Delivering ModSecurity to the open source community was the first important step toward protecting sensitive information on the web, however, there is a need to take this to the next level,” said Ivan Ristic, founder of Thinking Stone and the primary developer of ModSecurity. “The market needs affordable web application security that is easy to install and manage for everyone, along with technical support for large and small organizations. The acquisition of Thinking Stone by Breach Security will make this possible.”

As the Chief Evangelist of the combined companies, Ristic will focus on extending Breach Security’s security application solutions and the continuous improvement of the ModSecurity open source offerings.

Going forward, Breach Security will provide extensive support for the ModSecurity open source community, including enhancements to the open source version of ModSecurity, hosting product training, both online and in the classroom, building an active community website, delivering product documentation and hiring dedicated support for the community.

In the next few weeks, Breach Security will release several products based on ModSecurity technology, including:

* ModSecurity 2.0 – the long awaited upgrade to ModSecurity providing a significantly enhanced analysis engine.
* ModSecurity Community Console – a web-based console providing event consolidation for multiple ModSecurity sensors.
* ModSecurity Appliance M1000 – an inexpensive plug-and-play web application firewall appliance.
* Certified ModSecurity Rule sets – optimized packages of ModSecurity rules for protecting commercial web applications with known vulnerabilities and ensuring web applications are compliant with specific regulations, such as PCI.
* Breach will provide support and training for ModSecurity deployments.

Breach Security’s acquisition of the ModSecurity technology will enhance the open source offerings to the community as well as provide much needed commercial support for professional-grade inexpensive web application firewall technology.