Imperva Buying Prevoty Signals A Major Shift In Application Runtime Protection – Info AI
In last year’s RASP Vendor Landscape, I noted that eventually RASP would eventually take over WAF as the best way to combat web app attacks. They have deeper knowledge of applications they protect than WAFs, and they can virtually patch vulnerabilities and weaknesses. In an upcoming report, we’re predicting WAF market growth to significantly slow down over the 2021-to-2023 period as bot management and RASP tools fully cover traditional WAF capabilities. In fact, RASP will experience a healthy 26.2% CAGR in the same period. Likely seeing the same writing on the wall, Imperva jumped on an opportunity.
Imperva Expanded Its Portfolio At The Expense Of Product Clarity
Today Imperva announced its intention to acquire Prevoty. Prevoty’s sole product is its RASP. Here’s what this acquisition means:
- Imperva will have the most comprehensive portfolio for runtime protection. With the inclusion of Prevoty’s RASP, Imperva will have the trifecta of runtime application protection: WAF, RASP, and bot management.
- Prospects will be confused about which product(s) to license. Imperva already has a product positioning problem with two WAF products (Incapsula and SecureSphere) and ineffectual product differentiation based on “context.” With Prevoty’s RASP in the mix, Imperva will need to clearly explain when to use RASP, when to use WAF, and when to use a combination.
- Customers will demand better bot protection. Imperva does not currently sell bot management separately from their two WAFs and consequently suffer the same multiple product syndrome. With the purchase of Prevoty, bot management is now the weakest link in the portfolio.
- The RASP market is beginning to leave its awkward teenage years behind. Now that we’ve seen the first RASP acquisition, expect more RASP tools to enter the market and push existing RASP tools to mature more quickly. For security pros that were putting off exploring RASP, now is the time. Evaluate tools based on deployment models and source code language support, which varies greatly between vendors. For more information about RASP, take a look at the following Forrester reports:
Vendor Landscape: Runtime Application Self-Protection
The Forrester New Wave™: Runtime Application Self-Protection, Q1 2018
The State Of Application Security, 2018
Article Prepared by Ollala Corp