Cisco ‘in talks’ to borg with web app protector Signal Sciences for its web app firewall tech

Network overlord Cisco is reportedly planning to purchase Signal Sciences, a frequent cybersecurity collaborator and member of the Cisco Security Technical Alliance.

Signal Sciences is an American upstart that deals in web application security. Its flagship product is a next-generation Web Application Firewall (WAF) delivered as a service, using a patented process to secure both on-premises and cloud-based IT.

The outfit has raised $61.7m to date across four funding rounds, most recently $35m in February, from investors including Lead Edge Capital and Index Ventures.

Just last month, Cisco confirmed Signal Sciences’ products would be integrated with its Threat Response platform, so they could analyse event data from select Cisco Security products and threat intelligence from Cisco Talos.

“Integrations of this kind equip our customers with actionable insight into the threats across their infrastructure and applications,” Snehal Patel, senior director of product management for Cisco’s Security business group, said at the time.

Now, several sources have told The Information that Switchzilla is planning to bring the WAF capabilities in-house.

Signal Sciences was established in 2014, with headquarters in Culver City, California, by a team that used to run security and DevOps operations for e-commerce website Etsy.

Its WAF uses a patented method of defending web apps and APIs against attacks; the system distributes small (<10 MB install package) software agents written in Google’s Go programming language across customers’ servers to perform detection and enact decisions against requests.

The second component of the system is optional modules – containing just a few hundred lines of code – that pair with the agents to pass requests and enforce fail open functionality.

Agents and modules connect to the Signal Sciences Cloud Engine, an analytics backend hosted with AWS that feeds them up-to-date security intelligence.

The upstart says its WAF can be deployed in under an hour and supports 34 different hybrid and multi-cloud platforms.

Besides WAF, Signal Sciences also develops runtime application self-protection (RASP) tools – while WAF is technically a perimeter-based protection technology, RASP monitors the inputs of specific applications using lightweight modules in the code, protecting the runtime environment from the inside.

The company’s advisors include former Facebook chief security officer Alex Stamos, former Adobe CSO Brad Arkin, Etsy CEO Chad Dickerson and its CTO, John Allspaw, and TripWire founder Gene Kim.

Customers include Under Armour, Etsy, Adobe, Datadog and WeWork, among others. Signal Sciences said it was protecting more than 15,000 cloud-native, legacy and serverless applications in June 2018, and serving more than a trillion production requests per week.

Security has been one of Cisco’s strongest plays in terms of revenue. In May, Switchzilla reported that its security business was up 21 per cent year-on-year, driven by ID and access services, and products that fight against advanced and unified threats. For comparison, its infrastructure platform biz saw a modest growth of just 5 per cent. ®

Sponsored: Balancing consumerization and corporate control

READ MORE HERE