Breach Security Blocks Bad Guys From Breaking Web Applications

Company: Breach Security

Headquarters: Carlsbad, Calif.

Technology Sector: Security

Key Product: WebDefend

Year Founded: 2004

Number of Channel Partners: 47 worldwide, including 35 in the U.S.

Ideal Channel Partner: Enterprise-focused solution providers

Why You Should Care: Breach Security, an application firewall company, is prepared for the Web 2.0 era with innovative behavior-based technologies and an array of service opportunities for its partners.

The Lowdown: Since 2004, Breach Security has been detecting gaping holes in Web applications -- long before most attackers began targeting the Web.

Now the Carlsbad, Calif.-based application firewall company is riding the crest of the Web 2.0 security wave as the number of Trojans, botnets and Internet worms continues to skyrocket.

But Breach's mission is more than protecting users from attacks, executives said. It's also about enabling more efficient daily workflow and business continuity.

"If you think of it in the simplest terms, code is flawed, and buggy code can result in vulnerabilities. But it can also result in alienating legitimate end users," said Sanjay Mehta, senior vice president at Breach.

Breach WebDefend

Breach's flagship WebDefend Web scanner, primarily targeted at larger SME companies, provides continuous Web-based security in real time that uses behavior-based technologies and multiple detection engines to inspect all of the traffic flowing into an organization. In addition, WebDefend contains automated reporting capabilities for regulatory standards, which makes PCI a significant part of the company's business, Mehta said.

And as part of their reseller agreement, Breach partners are encouraged to initially offer customers a comprehensive assessment of their security infrastructure, including their Web site and compliance policies. That report often serves as a guide for their customers' security strategy, and partners can update the assessment every few months.

"They're working 90 [percent] or 100 percent margin on a services deal, with a recurring revenue deal, which they love," Mehta said.

In the meantime, Breach continues to innovate, executives said. During the BlackHat 2009 security conference in Las Vegas, the company showcased its new Web Application Security Consortium and launched phase three of its Distributed Open Proxy HoneyPot Project, intended to analyze and report on live Web attack data captured from data sensors located around the world. That data is then used to provide security statistics and alerts of new and emerging threats to the public.