Breach Acquires ModSecurity Open Source Vendor Thinking Stone

September 25, 2006; 02:52 AM

Breach Security, Inc., the leader in web application security, today announced the acquisition of Thinking Stone Ltd., the leading provider of services and enhancements for the ModSecurity web application firewall. The combined entity brings together the most widely deployed web application firewall and the best threat detection technology available in the market. Breach Security will continue to contribute to the open source community with new releases of ModSecurity as well as incorporate ModSecurity technology into its suite of web application security solutions.

"The world's most privileged information is increasingly accessible through web-based applications, shielding sensitive data is a strategic move," said Jeremiah Grossman, founder and chief technology officer of WhiteHat Security. "The acquisition announcement is exciting for the community; ModSecurity will have the resources necessary to attract a wider enterprise audience."

ModSecurity is the most widely deployed web application firewall in the world with more than 10,000 deployments. It began as an open source project written by Ivan Ristic, a world-recognized authority in Apache Security, who will join Breach Security as a Senior Executive. ModSecurity was recently recognized by Forrester Research as the world's most widely deployed web application firewall in the same report that stated Breach Security's WebDefend(TM) has the best attack detection capabilities of the vendors evaluated in The Forrester Wave(TM): Web Applications Firewalls, Q2 2006, Forrester Research, Inc., June 2006 report.

"Delivering ModSecurity to the open source community was the first important step toward protecting sensitive information on the web, however, there is a need to take this to the next level," said Ivan Ristic, founder of Thinking Stone and the primary developer of ModSecurity. "The market needs affordable web application security that is easy to install and manage for everyone, along with technical support for large and small organizations. The acquisition of Thinking Stone by Breach Security will make this possible."

As the Chief Evangelist of the combined companies, Ristic will focus on extending Breach Security's security application solutions and the continuous improvement of the ModSecurity open source offerings.

"Ivan has successfully delivered an open source solution that enables any knowledgeable security professional to effectively secure their web applications for free," said Marc Shinbrood, president and CEO, Breach Security, Inc. "Breach Security is committed to the spirit of his achievements as well as protecting, nurturing and growing the ModSecurity open source community."

Going forward, Breach Security will provide extensive support for the ModSecurity open source community, including enhancements to the open source version of ModSecurity, hosting product training, both online and in the classroom, building an active community website, delivering product documentation and hiring dedicated support for the community.

In the next few weeks, Breach Security will release several products based on ModSecurity technology, including:

     *  ModSecurity 2.0 -- the long awaited upgrade to ModSecurity providing a significantly enhanced analysis engine.
     *  ModSecurity Community Console -- a web-based console providing event consolidation for multiple ModSecurity sensors.
     *  ModSecurity Appliance M1000 -- an inexpensive plug-and-play web application firewall appliance.
     *  Certified ModSecurity Rule sets -- optimized packages of ModSecurity rules for protecting commercial web applications with known vulnerabilities and ensuring web applications are compliant with specific regulations, such as PCI.
     *  Breach will provide support and training for ModSecurity deployments.

Breach Security's acquisition of the ModSecurity technology will enhance the open source offerings to the community as well as provide much needed commercial support for professional-grade inexpensive web application firewall technology.

About Breach Security, Inc.

Breach Security, Inc. (www.breach.com) is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach's solutions are ideal for any organization's regulatory compliance requirements for security. Breach was founded in 2004 and is headquartered in Carlsbad, Calif.

Breach Security, BreachGate WebDefend and BreachMarks are trademarks of Breach Security, Inc. All other companies' names and product names are trademarks of their respective organizations.