The recent acquisition by Barracuda Networks of an enterprise Web application firewall company is another sign standalone vendors are about to disappear, according to an industry analyst.
“This market is very well aligned with the Web application acceleration market,” said Chenxi Wang of Forrester Research. As a result in March her company predicted that companies like NetContinuum Inc. will be hunted down by companies in similar fields.
Barracuda, a maker of e-mail, spam and Web site firewalls for small and medium-sized organizations based in Campbell, Calif., didn’t disclose what it paid for NetContinuum of Santa Clara, Calif.
Stephen Pao, Barracuda’s vice-president of product management, said that his firm wanted to broaden its traditional line of edge security products to one that adds protection for Web sites.
He said NetContinuum’s “reverse proxy” technology revieves FTP/HTTP requests and applies security policies to make sure threats can’t be passed on to back-end servers. The NetContinuum products have now been rebranded as the Barracuda Web Application Firewall and the Barracuda Application Gateway. Each comes in 500 Mbps and 1Gb throughput 2U-sized models. The slower models process 12,000 HTTP transactions a section, while the faster ones do 44,000 a second.
As a result, Barracuda gains application security layer technology which it can spread to its SMB customers, Pao said, while gaining access to NetContinuum’s enterprise clients. Web application firewalls (WAFs) inspect and filter traffic, blocking attacks on Web apps. They are offered by a handful of standalone companies, including Impervia and Breach Security, as well as Citrix Systems and F5.
According to Forrester, the Web application firewall market will only be worth US$184 million in worldwide sales by 2009, and will dip after that.
Which is why the research company believes these products will be consolidated with other network security and application delivery tools such as load balancers and application accelerators and commodities.
Growth in spending on WAFs will be pushed by the Payment Card Industry (PCI) Data Security Standard, according to Forrester, which requires organizations to meet payment card data protection rules.
It has a 2008 deadline for compliance, which is why sales will slow after that. However, Forrester notes that WAFs are also ideal for protecting other data.