Open source firewall company ModSecurity gets acquired

Breach Security will acquire Thinking Stone, which develops and provides support for an open source Web application firewall called ModSecurity, the companies announced Monday.

Thinking Stone, based in London, is run by Ivan Ristic, the primary developer of ModSecurity. Ristic will become chief evangelist for Breach while continuing to work on ModSecurity. Financial terms of the deal were not released.

"It has been clear to me for some time now that I've done all I could working on ModSecurity on my own," Ristic wrote in his blog. "The limited resources available to me have become the main bottleneck."

Web application firewalls lock down Web application servers, which can be used to run e-commerce sites that handle credit card and customer information, making them fertile targets for hackers.

ModSecurity monitors and logs HTTP traffic in real time going to Web applications. It also monitors networks for unusual behavior and common attacks on Web applications.

ModSecurity is strong on its technical merits but weak on its user interface, wrote Michael Gavin of Forrester Research in a June 2006 report. But the open source project has built a strong user community, and more than 10,000 modules are in use in production environments, he wrote.

Breach Security was one of ModSecurity's competitors. Other rivals include market leader NetContinuum, Citrix Systems, Imperva and F5 Networks, Gavin wrote.

Thinking Stone offers a free version of ModSecurity and licenses versions with more advanced features, as well as offering customer support services.

Breach Security plans to release several products based on ModSecurity over the next few weeks. They will include an upgrade to ModSecurity 2.0, a Web-based console to monitor the application's sensors, and a Web application security hardware appliance.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies