Blog

Mergers and acquisitions are some of the most important, exciting, and often messy aspects of the business world. Having been through the process several times, both as an acquirer and an acquiree, I can personally attest that technology and security are areas where things can get particularly messy. Buyers and sellers will often have very different approaches to security–different levels of operational maturity, different tools, and different threat profiles. This means that many of the details about security posture and risk only become known after an acquisition is complete. Yikes!

While no technology can tame all the challenges of an acquisition, ThreatX’s web application and API protection +Bot + DDoS (WAAP++) platform can give organizations an easy, yet powerful way to wrestle control over AppSec. Because it can be up and running in just a few hours, ThreatX can help uncover problems during the due diligence process; letting security teams quickly triage and deliver core protections to newly acquired sites and apps after the merger is complete. Let’s take a closer look.

It’s been a little over two months since I joined ThreatX as CEO, and it’s already shaping up to be a fantastic ride. As a leader, these are always some of the most exciting and illuminating days as we start to get our hands dirty and chart the path forward. As always, the most important insights have come from getting to hear directly from a lot of AppSec leaders and practitioners about the real-world challenges they face on a daily basis.  

If you manage yourself well over the course of your career, you’ll get maybe a half-dozen shots at your “first 100 days.” Any more than that and you might be job hopping too much. Any less, and you might be staying in your comfort zone for too long. 

Most any organization that stores, processes, or transmits payment card data is likely well aware of the Payment Card Industry Data Security Standard (PCI DSS). For these organizations, maintaining and documenting PCI compliance is an ongoing and often laborious process. ThreatX brings a new approach to application security that not only helps address PCI requirements but does it far more consistently across many types of applications and with far less effort than traditional WAFs. 

Hello. My name is Gene Fay and I am incredibly excited to join the ThreatX team as CEO. I’d like to take a few moments to introduce myself and talk briefly about why I joined ThreatX and my vision for its future. 

Just a few weeks ago, my colleague wrote a blog about the importance of having AppSec vendors who are true partners and not simply hawkers of products. This has become even more important as security teams try to adapt to the challenges and pressures introduced by the COVID-19 pandemic.

Many organizations are accelerating their migration to cloud-based applications both to reduce costs and to simplify the availability of applications as more users work from home. At the same time, budgets are increasingly uncertain as teams look to control costs in the face of uncertainty. For AppSec teams, this creates a classic need to “do more with less”. While many organizations are being asked to cut back, it is important to remember that attackers are doing just the opposite.

This sort of challenge accentuates the vision behind our approach at ThreatX. This is not a marketing shift to capitalize on a global tragedy, it’s how we built our business from the start. Our approach is simple:

As the threat landscape has become more diverse, AppSec solutions have become increasingly fractured. For each new type of threat or problem, a new corresponding type of security product seems to arise. However, this sort of technology sprawl has become operationally unsustainable as organizations are forced to support exponentially more applications, more APIs, and defend against a much broader set of threats including bots, DDoS attacks, and patient, multi-stage, targeted attacks and evasion techniques. 

It’s been a few weeks since we closed the book on another RSA conference. And as always, it was nice to catch up with old friends, meet new ones, and talk to many of the security professionals who are on the frontlines of AppSec every day.

However, after spending some time on the show floor, one thing really stood out for me: vendors were selling security products, and most attendees were looking for security partnerships.

Every vendor seemingly has a promise for why their technology, products, or features are better than their competitors. But ultimately, it falls to the customers to take a leap of faith, invest in a product, staff the product, and make it deliver on its promises. It is the customer that must do the heavy lifting and take on the risk.