Cisco 'in talks' to borg with web app protector Signal Sciences for its web app firewall tech

It is but WAF-er thin... – report


Network overlord Cisco is reportedly planning to purchase Signal Sciences, a frequent cybersecurity collaborator and member of the Cisco Security Technical Alliance.

Signal Sciences is an American upstart that deals in web application security. Its flagship product is a next-generation Web Application Firewall (WAF) delivered as a service, using a patented process to secure both on-premises and cloud-based IT.

The outfit has raised $61.7m to date across four funding rounds, most recently $35m in February, from investors including Lead Edge Capital and Index Ventures.

Just last month, Cisco confirmed Signal Sciences' products would be integrated with its Threat Response platform, so they could analyse event data from select Cisco Security products and threat intelligence from Cisco Talos.

"Integrations of this kind equip our customers with actionable insight into the threats across their infrastructure and applications," Snehal Patel, senior director of product management for Cisco's Security business group, said at the time.

Now, several sources have told The Information that Switchzilla is planning to bring the WAF capabilities in-house.

Signal Sciences was established in 2014, with headquarters in Culver City, California, by a team that used to run security and DevOps operations for e-commerce website Etsy.

Its WAF uses a patented method of defending web apps and APIs against attacks; the system distributes small (<10 MB install package) software agents written in Google's Go programming language across customers' servers to perform detection and enact decisions against requests.

The second component of the system is optional modules – containing just a few hundred lines of code – that pair with the agents to pass requests and enforce fail open functionality.

Agents and modules connect to the Signal Sciences Cloud Engine, an analytics backend hosted with AWS that feeds them up-to-date security intelligence.
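The fail-open behaviour described above can be sketched in Go. This is an added example, not Signal Sciences' code: a hypothetical `FailOpen` HTTP middleware plays the module and an `Agent` function plays the local agent. All names, the toy detection rule, the 403 response and the 50 ms budget are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Agent is a hypothetical stand-in for the local detection agent (true = block).
type Agent func(ctx context.Context, r *http.Request) (bool, error)
// FailOpen blocks only on a timely, error-free "block" verdict; otherwise it passes the request on.
func FailOpen(agent Agent, timeout time.Duration, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx, cancel := context.WithTimeout(r.Context(), timeout)
		defer cancel()
		verdict := make(chan bool, 1) // buffered so a late agent goroutine can still exit
		go func() {
			block, err := agent(ctx, r)
			verdict <- err == nil && block
		}()
		select {
		case block := <-verdict:
			if block {
				http.Error(w, "blocked", http.StatusForbidden) // assumed response code
				return
			}
		case <-ctx.Done(): // agent too slow: fail open
		}
		next.ServeHTTP(w, r)
	})
}

// Constructed agents (toy rule, unreachable agent, hung agent) and a constructed request.
func ruleAgent(_ context.Context, r *http.Request) (bool, error) { return strings.Contains(r.URL.Query().Get("q"), "<script"), nil }
func downAgent(context.Context, *http.Request) (bool, error) { return false, fmt.Errorf("agent unreachable") }
func hungAgent(ctx context.Context, _ *http.Request) (bool, error) { <-ctx.Done(); return true, ctx.Err() }
const attack = "/search?q=%3Cscript%3E"
// statusFor sends one constructed request through the module and returns the HTTP status.
func statusFor(agent Agent, target string) int {
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	rec := httptest.NewRecorder()
	FailOpen(agent, 50*time.Millisecond, app).ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() { fmt.Println(statusFor(ruleAgent, attack), statusFor(downAgent, attack), statusFor(hungAgent, attack)) }
```

The trade-off is visible in the last two cases: an unreachable or hung agent costs at most the time budget in latency, but the request reaches the application unfiltered, so agent health needs its own monitoring.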

The upstart says its WAF can be deployed in under an hour and supports 34 different hybrid and multi-cloud platforms.

Besides WAF, Signal Sciences also develops runtime application self-protection (RASP) tools – while WAF is technically a perimeter-based protection technology, RASP monitors the inputs of specific applications using lightweight modules in the code, protecting the runtime environment from the inside.

The company's advisors include former Facebook chief security officer Alex Stamos, Adobe CSO Brad Arkin, Etsy CEO Chad Dickerson and its CTO, John Allspaw, and TripWire founder Gene Kim.

Customers include Under Armour, Etsy, Adobe, Datadog and WeWork, among others. Signal Sciences said it was protecting more than 15,000 cloud-native, legacy and serverless applications in June 2018, and serving more than a trillion production requests per week.

Security has been one of Cisco's strongest plays in terms of revenue. In May, Switchzilla reported that its security business was up 21 per cent year-on-year, driven by ID and access services, and products that fight against advanced and unified threats. For comparison, its infrastructure platform biz saw a modest growth of just 5 per cent. ®


Biting the hand that feeds IT © 1998–2021