Elizabeth Kratz
Elizabeth Kratz's Business Agility Watch
ebizQ editor-in-chief Elizabeth Kratz gives a daily dose of Web happenings for the business technology industry; the industry that builds, powers and ensures business success.


June 08, 2007
ebizQ Podcast: Founder of Watchfire on Big Blue Acquisition

Last week, IBM announced its intention to purchase Watchfire and I threw down a podcast with the very sharp Mike Weider, Watchfire's founder and CTO. It is also transcribed below for your reading pleasure.

Listen to or download the entire 9:49 podcast below:



Participants in this podcast are ebizQ editor-in-chief Elizabeth Book (EB) and Watchfire founder and CTO Michael Weider (MW).

EB: Hi, this is Elizabeth Book, editor-in-chief of ebizQ. And this is another ebizQ podcast. Today I am honored with the presence of Mike Weider, who is the CTO and founder of Watchfire, which was recently acquired by Big Blue -- that's right, IBM has purchased Watchfire, or has made a move to purchase Watchfire, I should say. So thank you for being with us, Mike.

MW: Thanks for having me!

EB: Basically, I guess all I want to tell our listeners at the moment is that Mike founded Watchfire 11 years ago in 1996, and this is basically a very exciting move, I think. And you probably had a busy day. You're in this acquisition time. Maybe you're busy a few days. So if you could maybe tell us a little bit about Watchfire and tell us a little bit about, you know, what happened to you during this acquisition time?

MW: Sure! So Watchfire -- as you stated -- has been in business for about 11 years. We were founded in 1996. And really our focus is helping customers to evaluate their online Web sites and applications for problems. And these problems fall into the categories of quality issues that could affect the user experience, privacy and compliance issues that could get them into trouble with regulators, and lastly application security issues.

And I think what IBM and Rational saw through this acquisition was that increasingly we're seeing that security and compliance are becoming an integral part of software development processes. And what we're looking to do with this acquisition and the integration of these technologies is that Rational IBM is really the leader in software development tools and Watchfire is the leader in application security and by combining the two things together, we can help customers to build security into their applications from the start, rather than what exists today where applications are being produced in many times with no security and leading themselves wide open to hackers to exploit these issues to perform identity theft, fraud and other horrible things that we read about every day in the press.

EB: Absolutely. I guess, can you just tell me a little bit more about how you see the integration of security into a larger organization and how you think your work with the other security forces at IBM will be working together. I know that it's a little bit forward-thinking but just any thoughts you could share on that would be excellent.

MW: Sure. So, really the acquisition is being sponsored through the Rational group and that's where Watchfire will be integrated into. In that group, we're really again focused on looking at integrating Watchfire's security technology into Rational's tool set so that developers that are creating applications through from requirements to design to coding to testing to deployment can evaluate these applications for security issues throughout the software development lifecycle so that when they get to the production phase, that we know that these have been properly tested and validated and they can demonstrate compliance and good governance internally and externally.

But secondly, there are other areas outside of the Rational group that are very exciting in terms of the potential synergies that we see here. For one, WebSphere is clearly a huge force in the marketplace and integrating application security with the WebSphere tools will enable again customers to create more secure applications. Thirdly, there's the Tivoli Group, who has a number of security management technologies and by integrating these things together, will provide customers with a broader security metrics and dashboards to really understand their overall security posture.

And then the last one, which I'm pretty excited about, which is the ISS group. Where IBM acquired ISS last year, who has a lot of expertise and market presence in the network security space where they are monitoring systems and infrastructures and Web sites for network vulnerabilities and by combining Watchfire's application security scanning technology with ISS' network security scanning technology, we can really create a Best-of-Breed solution for vulnerability assessment and management.

EB: That does sound exciting! I have to say. And we don't get excited that often here…

MW: (laughs)

EB: But it sounds -- we deal with security every day, not just at work, in our coverage of these technologies but also in our own lives, in our email boxes and in denial of service attacks on ebizQ's Web site for example, as an online magazine.

MW: Sure!

EB: So, we totally get the fact that these are really important things for companies, large and small, and this is an exciting deal. So in terms of security vulnerability testing, if I can confirm this -- your company really is analyzing Web sites as opposed to networks. Is that correct?

MW: Yes. And in general most of the focus in the past on vulnerability assessment has been scanning networks and IP addresses and infrastructure for security weaknesses, making sure that systems are not unpatched and things like that. And that's definitely an important issue and one that we want to continue to focus on. But what we have seen in the last several years is the rise of applications security vulnerabilities. These vulnerabilities are operating at layer seven on the applications that are sitting on top of that network and that infrastructure. And their weakness is in the software applications that hackers are utilizing to exploit these defects and to compromise the applications to get access to sensitive data and other things that they shouldn't have.

So, really, this whole area of application security has been a very fast-growing problem and now accounts for about 75 percent of attacks on the Internet are focused on applications as well as we've seen the two most common application security vulnerabilities, namely java scripting and SQL injection. These have risen very rapidly to be the no. 1 and 2 problems that are reported out there on the Net. So this is an enormous problem that is not really being well-dealt with by many companies, because all of the existing security personnel are really focused on the infrastructure.

Software developers have never been trained on security and so this issue has not been dealt with and is sort of falling through the cracks. So what Watchfire really did very well was to create an automated solution to help customers to mitigate the risk of application security by automating the testing and analysis of these applications for these weaknesses. Basically, our technology simulates hackers attacking your applications and it's used in the software development process to test the applications and to understand what the weaknesses are, so that these defects can be fixed before the application is allowed to go live.

EB: Okay. And if you could tell me -- I mean, maybe I'll make this the last question, I think we're going a little bit over on time, but I'm resisting the impulse to ask you about, you know, to specifically tell you about my security problems at ebizQ (laughs) and asking you for an assessment. But the last question I want to ask is about your customers. I understand you have 800 customers. And if you could tell us about those customers, whether they're large or small, maybe even what's going to happen to them when IBM completes the acquisition and sort of how you'll continue hopefully to provide the excellent service you're providing to your customers that you are at the moment.

MW: Sure. We have about 800 customers. They fall into verticals that you would assume would be interested in security like banking, insurance, various types of financial services, media and entertainment, technology companies, government, organizations, utilities and telecommunications companies. These are the companies that are very concerned. They are adopting ebusiness and building applications to transact data over the Internet and to interact with their customers and building more sophisticated Web applications and so they're most exposed to these sorts of security vulnerabilities.

They also tend to be some of the larger companies; we have nine of the top ten banks as clients, and a lot of Fortune 500 Global 2000 businesses. But increasingly, this is becoming an issue for companies at, you know, the S&B level. You may be familiar with PCI, that payment card industry standard --

EB: Yes --

MW: -- that MasterCard and Visa and other credit card issuers are pushing. That is basically impacting everybody who collects credit cards, which is almost every company in the world. And so security and applications security are becoming very relevant to all companies of different sizes and shapes. You know, our strategy through this acquisition will be to really ensure that we don't disrupt any of the great momentum that we have. And we continue to provide great Best-of-Breed security technology to our customers and great service, but that to augment and add to that with IBM's, you know, presence in the marketplace, as well as the added resources they can bring to really scale our business.

And lastly, the technology that we discussed previously that they have to integrate our software with, to provide customers with a bigger, larger solution that's more integrated vs today -- it's really a point tool in the puzzle. But to make this really part and baked in and built into systems.

EB: Well, thank you so much, really for your time today Mike Weider, the CTO and founder of Watchfire, which has been acquired by IBM, International Business Machines, who have bought a number of companies in the last couple of years. And we're very excitedly watching everything that they do here at ebizQ. This has been an ebizQ podcast and thank you for being with me, Mike.

MW: Thank you!
