Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Imperva Makes Three Acquisitions, Unveils New Cloud Strategy

Imperva, a provider of enterprise data security solutions, on Thursday announced its plans to acquire two security firms and assets from another, in a move that will help extend its data center security strategy across the cloud.

Imperva, a provider of enterprise data security solutions, on Thursday announced its plans to acquire two security firms and assets from another, in a move that will help extend its data center security strategy across the cloud.

Redwood Shores, California-based Imperva said it has agreed to acquire Skyfence, a cloud security gateway startup, and has also agreed to purchase the remaining shares it does not already own in Incapsula, a cloud-based website performance and security service that Imperva invested in years ago and was already a majority owned subsidiary.

Imperva AcqusitionsImperva also said it has acquired assets from Tomium Software, a former OEM partner that enabled Imperva to provide z/OS mainframe monitoring solutions for DB2TM and IMSTM. By acquiring real-time mainframe security auditing agents from Austin, Texas-based Tomium, Imperva says it will be able to extend these capabilities to its full data security suite. 

In addition to the acquisition news, Imperva released a new Web Application Firewall (WAF) for Amazon Web Services (AWS).

“Our acquisition strategy for Skyfence and Incapsula are very similar. We seeded Incapsula four years ago because we recognized that cloud delivery would change the web application security landscape,” said Shlomo Kramer, CEO of Imperva. “In the case of Skyfence, we believe that Software as a Service (SaaS) delivery models for internally facing corporate applications will substantially change the landscape for data center security and compliance.”

Skyfence protects internal corporate applications, such as employee and back office-oriented applications that are moving to SaaS delivery models. Despite being internal, these applications often allow access from the internet, which exposes them to the vulnerabilities intrinsic to public facing applications.

Skyfence has developed a solution providing real time visibility and control over corporate use of SaaS applications, which enforces security policy, protects sensitive data from external and inside threats, and ensures compliance with standards. Through a single, central gateway, the solution provides organizations with the power to discover all of the cloud assets that are in use and to uniformly enforce security and compliance policies in addition to controlling user access to sensitive data, privileged user activity and API access to the service.

For externally facing production applications, the cloud is changing deployment in two ways, Imperva said. Some customers prefer a SaaS model for WAF delivery. Incapsula offers an application-aware global CDN platform that provides DDoS protection, load balancing, and failover solutions. Other customers prefer an Infrastructure as a Service (IaaS) model by which they can leverage the economies of scale of their cloud provider to realize significant cost savings. For these customers, SecureSphere for AWS allows them to move their applications with added security.

Imperva said it plans to bring Incapsula fully in house in order to allow for scale as the demand for Incapsula technology grows.

Imperva’s new SecureSphere Web Application Firewall version for Amazon Web Services is designed for customers that want to take their on-premise solution to the cloud or that prefer a “do it yourself” model for application security. With SecureSphere for AWS, customers can replicate their existing on-premise security controls as they migrate to the cloud.

SecureSphere for AWS has been in limited availability since late 2013 and will be generally available in March 2014, Imperva said.

“For some time now, we’ve seen our customers take advantage of cloud-based services to reduce costs and increase flexibility. However, moving applications and data off-premise causes new and very significant risk exposure for organizations,” said Mark Kraynak, Senior Vice President, Worldwide Marketing, Imperva. “The strategy we are unveiling today comprehensively addresses the dangerous security gaps raised by the move to the cloud.”

The acquisitions of Skyfence and Incapsula are expected to close in the first quarter of 2014.

*Updated to clarify that only assets were acquired from Tomium, not the entire company.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.