The new DenyAll is here
A new corporate identity
Frequently asked questions
On May 6th, 2014, DenyAll purchased all outstanding shares of web application security vendor BeeWare, with the support of its investors, Truffle Capital and Omnes Capital.
This is an important milestone in the execution of DenyAll’s organic and external growth strategy, aiming at becoming a global leader in application security. The acquisition of BeeWare is the latest phase in DenyAll’s build-up efforts, which started in July 2012 with the purchase of VulnIT, a vulnerability assessment vendor. It enables DenyAll to double in size and reach critical mass, add Web SSO capabilities to its portfolio. Leveraging its consolidated European leadership and profitability, the company will be able to expand faster internationally.
The acquisition gives DenyAll access to a bigger market opportunity, with a broader portfolio now composed of:
- Web Application Firewall
- SOA Gateway
- Web Access Management (Web Single Sign On)
- Dynamic Application Security Testing
- Vulnerability Assessment products.
This deal is good news for customers and partners: a stronger vendor will guarantee the long term viability of the investments organizations have made in the technologies of both companies. The new DenyAll will continue to develop and support all existing products, bringing additional innovation and value through cross-pollination of features and integration of complementary technologies.
With this acquisition, French WAF vendors DenyAll and BeeWare are “burying the hatchet” and joining forces to reach the following goals:
- Deliver better, integrated solutions to loyal customers and partners and a much larger number of organizations, worldwide;
- Continue to innovate, closing the gap with attackers faster and adjusting to fast-evolving web application & services technologies;
- Increase their ability to execute on their organic and external growth strategy.
DenyAll and BeeWare are historical players in the Web Application Firewall (WAF) market. In the early 2000’s, that market was driven by a dozen of small vendors, competing for the trust of large, security-aware customers in financial services and energy. Today, large and mid-size organizations in all verticals are using these technologies to protect their informational assets from modern attacks. As the need generalized and technology improved, many pure players were acquired by application delivery and network security generalists, for whom WAF technology was just another checkbox. Some innovative products died as a result…
DenyAll and BeeWare have been competing with each other. Coming together as one company will make them a stronger player, bringing innovation and differentiated products to a larger customer base, with an increased ability to enter new markets, recruit partners and win market share, globally.
This is an ideal time for DenyAll and BeeWare to come together and create a stronger, European expert in application security. For three main reasons:
First, the market is maturing: with mobility and cloud computing, customers are realizing that their applications are both vital to their business operations and seriously at risk. At the same time, cloud computing combined with the maturing of WAF technology make it much easier than ever before, to deploy security controls that effectively stop attacks, without disrupting the business.
Second, Snowden’s revelations and the Prism scandal have acted like a wake-up call for many customers worldwide: preventing corporate and state-sponsored espionage using the technologies and services of companies subject to the US Patriot Act is perceived by many as a serious challenge, a paradox of sorts. European IT vendors have a positive reputation worldwide and are seen as valid alternatives to US vendors in many countries.
Third, the market needs a whole new level of innovation to be delivered in order to meet the challenge of securing a web-enabled world. Vendors mastering key application security technologies, such as Web Application Firewall, Web Access Management and Dynamic Application Security Testing, can meet that challenge.
The combination creates a great opportunity for application security innovators like DenyAll and BeeWare, who have a proven track record of delivering solutions that meet the needs of very demanding customers. Brought together, they will be able to offer innovative, integrated solutions to a larger number of customers.
There will be no impact on existing products. All products will be maintained and supported as initially planned by both vendors before the acquisition.
Incremental value will be delivered to customers and partners by the cross-pollination of product features and by virtue of the companies’ development, security research, QA and support teams coming together:
- New features will be added to both WAFs over time, leveraging each company’s innovations to deliver incremental benefits to users of both products. For example, rWeb’s advanced detection engines will be added to iSuite and i-Suite’s XML routing capabilities will augment a future release of rWeb. This will be done via incremental updates to both products, requiring no architecture change or migration. Many technology platform components will be shared by both products over time.
- Combining the capabilities of both companies in development, security research, quality assurance and technical support means more innovation, better quality software and improved quality of service for customers and partners.
The acquisition is a good sign of the financial health and long term viability of the company. Partners betting on DenyAll will enjoy a higher return on their investment as a result. For all, the merger means that new, innovative application security solutions will be brought to market by a stronger player, capable of meeting their needs better than the generalists who have lost the battle against attackers by failing to innovate for too long.
No. All existing products from both companies will be maintained and supported as they would have been according to each company’s support policies. All BeeWare and DenyAll products will be maintained and supported for a minimum of 3 years. DenyAll is committed to delivering new updates for LTS (long term support) versions of i-Suite for at least 5 years. Likewise, the Support policy for sProxy, rXML and rWeb remains unchanged.
Longer term, the lines of products will be unified, combining best features and user interfaces from both products.
Although we do not yet have a firm timetable, the two products will evolve over time into a converged product that leverages the best features of both WAFs, and will be supported and enhanced by the merged Support and R&D teams. More details about the timing and nature of the cross-populating of best features into the products will be communicated to customers and partners as the teams come together and define the roadmap.
In 2013, DenyAll and BeeWare achieved similar revenues. New business bookings grew 15% and 20% respectively vs the previous year. Both had positive earnings in the last 3 years. Combining the businesses will result in higher profitability and the ability to invest more in R&D and international expansion.
While this is technically an acquisition, since all shares of BeeWare are now owned by DenyAll, the intent is to leverage the assets of both companies to form a new and better organization. The new DenyAll combines the talents and technologies of both teams, with a view to accelerating R&D and delivering better solutions to customers in more markets, via a broader network of partners.
The executive team is composed of leaders from both companies. Former BeeWare executives, Guillaume Lesaint and Jérôme Clauzade, are joining the leadership team. The new executive committee is composed of:
- Jacques Sebag, CEO
- Guillaume Lesaint, VP Finance and Operations
- Renaud Bidou, CTO
- Jérôme Clauzade, VP Product Management
- Stéphane de Saint Albin, VP Sales & Marketing
Because this is value-driven acquisition and not a destructive, competitive takeover, a new corporate identity is introduced on the very day the deal is announced. The new identity captures the synergistic and additive nature of the acquisition; it conveys the notion that the combined company is a new one, built with the innovative technologies and leveraging the skills of the people who have made these two companies a success. While only one of the company names remains, the new DenyAll is the heir of both businesses. This new company is a more capable vendor and powerful competitor. It needed a new identity.
The orange color is the result of merging DenyAll’s red and BeeWare’s yellow. The logos are morphing into a ‘reload’ logo, which symbolizes the important new milestone. The new DenyAll leverages 30 years of combined experience, deep expertise in web application security, +600 customers and a great team of people, who pioneered the WAF space a decade ago and will change the game in application security again in months to come.
The corporate values are those of the founding companies:
- Customer Satisfaction
- Succeeding Together
DenyAll employees have security and innovation in their DNA. They aim to bring the best solutions to their customers and contribute to their success by delivering best-in-class services. This is a win-win spirit between DenyAll, its customers and partners.
Both companies have been headquartered in Boulogne-Billancourt, next to Paris, France. The new company will be headquartered in DenyAll’s current offices, before moving to a new, larger nearby office this summer. The merged R&D and Support teams will be distributed between headquarters and BeeWare’s office in Montpellier, in the South of France.
Economies of scale will result in a financially more effective organization. General management, administration and marketing expenditures will be optimized. This will allow for near term investments in increased go-to-market capabilities, with a view to winning market share.
In the longer run, with critical mass, larger revenues and higher profitability, DenyAll will be able to expand its portfolio further through R&D investments and other acquisitions.
Individually, DenyAll and BeeWare have been recognized as security experts and innovators by customers, partners and industry analysts. The new DenyAll is one of very few vendors worldwide with the expertise required to effectively secure modern web applications and services, for large enterprises, cloud providers and small businesses alike.
Having focused their R&D efforts in recent years on how to effectively filter emerging languages and protocols, like SOAP, REST, JSON and HTML5, while defeating evasion techniques and avoiding false positives, DenyAll and BeeWare’s products are ahead of competition. The new DenyAll has a unique ability and proven track record in delivering security solutions that actually block modern attacks while enabling modern applications, are easy to manage and inexpensive to own, scale and avoid the pitfalls of endless learning loops and false positives.
DenyAll’s view of the market is summarized in 5 key points:
- Securing web applications and services is a critical priority,
- Application security intelligence needs to scale throughout IT,
- Controlling security risks starts by identifying vulnerabilities,
- Nextgen WAFs can effectively secure user access to applications,
- Innovation is required to secure modern applications.
These points are developed below:
- Securing web applications and services is a critical priority:
Web applications and web services are the lifeblood of IT, which in turn powers modern lifestyles and economies. With the widespread use of cloud computing, mobility and social networks, the entire information system is moving to the web.
In large, mid-size and even smaller organizations, new applications are being created daily, which deliver rich user experiences, enable information sharing but generate many security concerns.
Organizations cannot afford to let these applications fail, expose confidential information or open new intrusion vectors, yet IT team struggle to control and secure them.
Efforts in building secure applications are increasing. Their efficiency could be augmented by embedding applications security tools within the software development lifecycle, enabling faster adjustments to new found vulnerabilities.
- Application security intelligence needs to scale throughout IT:
The challenge for IT infrastructure, security and development teams is to remain alert and knowledgeable on current and future attack vectors as well as evasion techniques. Without that intelligence, they stand no chance against the hacking industry and espionage communities, who are technically very acute and one step ahead of them, by definition. Modern security technologies can help by making that expertise readily available to all applications, legacy and new.
- Controlling security risks starts by identifying vulnerabilities:
Detecting and quickly patching security holes in the network, system and application layers helps reduce the potential attack surface, makes the attacker’s role more difficult.
- Nextgen WAFs can effectively secure user access to applications:
Web Applications Firewalls (WAFs) are multi-function devices and effectively operate very differently compared to (network) firewalls, but they are security controls too, first and foremost. While Application Delivery Controllers (ADCs) focus on infrastructure management and load-balancing traffic, the purpose of advanced, next generation WAFs is to ensure that applications reliably and securely serve data to entitled users, and only to those users. As such, they must meet the following requirements:
Protect applications from potential threats exploiting vulnerabilities, while minimizing false positives, which could negatively impact the business.
Prevent illegal access to valuable information assets but also shield the whole infrastructure from advanced attacks leveraging the application-layer to perform reconnaissance, penetrate the defenses and take control of vulnerable IT assets.
Embed various technologies, including user authentication and application acceleration functions, such as high-availability, caching, SSL off-loading and server load-balancing.
Embed Web Access Management functions, or connect with third-party Single Sign On solutions to optimize the user experience and account for user rights when securing access to applications.
- Innovation is required to secure modern applications:
Traditional, linear filtering techniques based on signatures and lengthy learning phases are not up to the task anymore. Effective security requires a paradigm shift towards intelligent filtering, based on identifying the nature of the requests and taking the context of users and their actions into consideration. Next generation WAFs must offer the following capabilities:
– Automatically discover unprotected applications, profile them, identify their vulnerabilities and provision ad hoc policies, to ease the burden of administrators,
– Use grammatical analysis and sandboxing technologies to identify the nature of incoming requests, ahead of eventually interpreting their content, in order to block complex attacks and evasion techniques,
– Analyze user behavior and evaluate user reputation to detect and block abnormal activity,
– Ensure in-session browser security to prevent compromised devices from becoming attack vectors,
– Automatically scale as demand grows, using APIs and workflow management technology.
DenyAll’s vision of how security technology needs to evolve to meet the challenge posed by the aforementioned trends is summarized by the term “Next Generation Application Security”. It has the following characteristics in DenyAll’s opinion:
- End-to-end: securing servers is key, but connecting clients (browsers and mobile apps), are often the weakest link in the chain. Ensuring malware residing on endpoints are not hi-jacking authenticated sessions is critical and should be part of the solution.
- Integrated: key technologies need to be combined, such as NextGen Web Application Firewall, SOA Gateway, Web Access Management (WAM), Browser Security, Dynamic Application Security Testing (DAST), etc.
- New filtering paradigms: signature-based filtering and whitelisting being outdated, WAFs need to identify the nature of requests, evaluate users’ behavior and reputation to make smarter decisions.
- Cloud automation: tools need to scale automatically and simplify administrative decision making and daily tasks. Application security needs to become affordable to all size organizations, including those with limited IT and no security expertise.
- New applications: new types of applications need to be secured, such as unified communications, voice over IP, Swift and industrial systems.
DenyAll is the first company to layout such a comprehensive vision. It is the only vendor to own all key technology components. It has already made the innovation investment required to deliver solutions that match this vision. DenyAll is the domain expert that customers and partners can trust.
DenyAll will stick to the founding vendors’ model of selling through partners while maintaining direct contacts with end customers. The investment in channel partner enablement done by BeeWare and DenyAll will be continued, targeting leading security/system integrators and outsourcers, through one-tier or two-tier distribution approaches, depending on market conditions. An incremental investment will be made in expanding the ecosystem in the cloud, by engaging IaaS and hosting partners, but also recruiting cloud integrators and partnering with SaaS vendors to build application security within their service offerings.
From a geographic perspective, the focus will remain in 2014-2015 on continental Europe (France, Germany, Austria, Switzerland, Luxembourg, Portugal, the Nordics and South Eastern Europe), Northern Africa, the Middle-East and South East Asia. Recent efforts by BeeWare and DenyAll to explore the Canadian and Latam markets will be continued.
All WAFs are available on public clouds such as Amazon and Azure. DenyAll is working with some cloud providers to support their investments on the OpenStack initiative. A new WAF-as-a-service, native cloud solution will be launched in June 2014. DenyAll’s vulnerability scanner Edge Tester is a SaaS solution, leveraging the cloud to automate penetration testing.