WhiteHat Beefs Up Code Analysis With Infrared Security Acquisition

Financial terms of the deal, announced Wednesday, were not disclosed.

The addition of static code analysis technologies serves will build out WhiteHat’s current Web application vulnerability management tool, WhiteHat Sentinal, complementing the company’s existing dynamic code analysis capabilities.

The newly enhanced engine -- touted as a SaaS Web application vulnerability management solution that covers the entire software development lifecycle (SDLC) -- will offer both static and dynamic code analysis.

The combined technologies are designed to eliminate false-positives and allow customers to more quickly detect vulnerabilities, while providing the ability to scale up to the largest global enterprises.

Sponsored post

For Infrared Security, the move enables the company to reach a broader audience and bring its technology to market faster by integrating with WhiteHat’s existing SaaS infrastructure, while the company as a whole will benefit from WhiteHat's sales and support backing.

But what may really differentiates the new engine will be new and fresh expertise gleaned from the addition of the Infrared team.

The combined research team would be available around the clock to analyze code and detect vulnerabilities, while contextualizing the findings for its enterprise customers, which will drastically reduce the number of false positives that have historically been the “Achilles heel” of code analysis, executives say.

“Having a human being to do that on the backend will be amazing from a client perspective,” said Jerry Hoff, co-founder and managing partner of Infrared Security. “Human beings will be vetting every one of those findings. You just have the vetted findings down to the line number. They know exactly where to find it.”

For WhiteHat partners -- a mix of small boutique firms and large enterprise resellers -- the new engine will be an opportunity to significantly expand their customer base. The added contextualization capabilities from the live reasearch teams will make it easier for channel partners to reach C-level executives and other key decision makers, by deconstructing copious raw, jumbled data, and turning it into actionable information that gives them a clear picture into their security and risk environment, executives say.

“IT managers have a more technical view, but for C-levels, it really does have to be extremely evident as to what’s going on,” Hoff said.

Showing C-level executives the threats and security vulnerabilities in laymen’s terms provides a “shock and awe” that usually prompts action, said Bill Pennington, chief strategy officer for WhiteHat. “It’s great to sit there and say, 'here’s all the bad stuff.'”

The increased accessibility to the C-level executives would also give channel partners the ability to scale up to reach a wider breadth of industry verticals and larger corporate markets that house hundreds or even thousands of Web sites, including financial services, e-Commerce, healthcare and insurance companies, Pennington said.

“It will give C-levels the ability to ask more relevant questions, and make better business decisions based on what they're seeing,” he said.

Pennington added that the SaaS technology offers an opportunity for channel partners targeting enterprise end users overburdened with security tasks and looking to reduce headcount costs.

“People are willing to try something new. They’re quickly growing tired of the amount of work and effort and staffing to keep those first generation products going,” he said. "That's what sets this apart. You don’t necessarily have to add headcount to your team to start tackling the Web vulnerabilities.”