Imperva Plans To Buy Prevoty For $140M To Boost DevOps Capabilities

Imperva plans to buy Prevoty for $140 million to better protect application services residing on-premises and in the cloud.

The Redwood Shores, Calif.-based application and data protection vendor said acquiring Los Angeles-based Prevoty will expand customers' visibility into how applications are accessed, what happens within the applications, and how applications and users interact with data. Expanding the clients' view across their business assets will provide them with more insights to understand and mitigate security risk.

"When combined with our on-premises and cloud products, it [Prevoty] will help businesses better protect themselves from attacks, prevent breaches, and monitor security across their digital business," Chris Hylen, Imperva's president and CEO, said in a statement. "Combined with Imperva insights offerings, Prevoty will further help to identify the true risks to customers' application services."

[RELATED: 2018 Security 100: 20 Coolest Identity Management And Data Protection Vendors]

The deal was announced late Thursday and is expected to close in the third quarter of fiscal 2018. Imperva's stock plummeted $9.90 (17.46%) in after-hours trading Thursday to $46.80 per share.

The acquisition of Prevoty will enable customers using agile development to natively build security into their applications, Imperva said, extending the company's reach into the DevOps market. Prevoty combines the rich, detailed context of the application itself with an easy-to-deploy security offering that integrates seamlessly, according to the company.

"We believe the combination of our solutions and Imperva's portfolio of products will allow us to jointly create the gold standard in technology for application and data protection for organizations everywhere," Julien Bellanger, Prevoty's CEO, said in a statement.

Imperva has extended employment offers to all Prevoty employees, with the company's Los Angeles office becoming an Imperva location.

Prevoty employs 47 people, according to LinkedIn, and three-quarters of all Prevoty employees, as well as certain key employees and vice presidents, must accept employment offers from Imperva as a condition of closing, according to a filing Thursday with the U.S. Securities and Exchange Commission. Prevoty was founded in 2013, and has raised $25.8 million in four rounds of outside funding.

"We are well on our way from a product perspective and market traction, but not yet at the scale we were dreaming about," Bellanger wrote in a message posted to Prevoty's website. "Becoming part of Imperva will help us reach our goals at a different scale and price."

One of the many goals of the joint Imperva-Prevoty platform, Bellanger said, is to cover on-premises, cloud, and serverless applications, as well as agile, CI/CD, and DevOps deployment processes. He said the combined company will enable clients to better understand and respond to attacks by connecting web application firewalls, runtime application self-protection, and database activity monitoring.

Prevoty's Autonomous Application Protection (AAP) product will extend Imperva's ability to protect application services from the network edge to within the applications themselves to the various databases where data are stored, according to a blog post from Eldad Chai, Imperva's SVP of product management. Bellanger described AAP as the connective tissue binding the network and data together.

AAP not only identifies and blocks attacks, Chai said, but also offers granular insight into exactly what code was targeted, making it possible for organizations to prioritize their vulnerability management programs based on actual attack telemetry. AAP can provide additional valuable context to Imperva's existing analytics offerings, furthering the company's ability to provide actionable security insights.

Many of Imperva's customers are at the point where their development processes support building security directly into the apps, Chai wrote. AAP allows Imperva to combine the benefits of security built into the application with best-in-class application security applied at the edge, according to Chai.

Combining application security at the edge, application security built into the application itself, and data security with the telemetry from all three has piqued Chai's excitement from the Prevoty team joining Imperva.

"Combined, the whole is greater than the sum of their parts," Chai said. "Together, they can lead to better threat identification and prevention."