The application security market is in a state of transition as legacy approaches to web application firewall, API protection, bot mitigation, and DDoS prevention have struggled to meet the needs of modern applications. The decentralization of application development and shift to agile methodologies, significant shortage of security skills with regards to applications, and evolution towards sophisticated, multi-vector attacks have forced organizations to rethink their approaches to application security. The evolution towards WAAP, or web application and API protection has been a direct result but remains a work in progress, with many providers just starting to loosely couple the required pieces.
One of the emerging providers in this space, and one that has developed a more native approach to WAAP, is Signal Sciences, which has agreed to be acquired by edge cloud platform provider, Fastly. There’s very little not to like about this move. The purchase price of $200 million in cash and $575 million in stock may seem a bit high, but as a private company Signal Sciences does not disclose revenue. The considerable stock component (likely made possible by Fastly’s impressive performance of late) not only helps maintain flexibility for the future but shows that both sides view this as a strategic convergence with significant long-term upside rather than a simple product addition.
In Signal Sciences, Fastly adds an innovative technology that should fit well both from an architectural and cultural perspective. Specifically:
- Practitioner-centricity. Fastly’s strong growth has been due in large part to its “by developers, for developers” culture. Signal Sciences has followed a similar ethos from a security perspective, with co-founder Zane Lackey previously serving as the CISO of Etsy and developing Signal Sciences’ approach based in large part to solve the problems he faced in that role.
- Focus on modern architectures. The ability to support a variety of architectures is critical as organizations transition to a more cloud-centric model. The Signal Sciences agent can be deployed to support not only on-premises data centers, but cloud-native, serverless, and container environments while providing the same features and user experience.
- DevOps support. To enable practitioners and address modern architectures, DevOps is a critical focal point. Both Fastly and Signal Sciences have invested here via API development, partnerships, and integrations with DevOps tools to more easily insert themselves into the CI/CD workflow.
- Loyal customers. Fastly has obviously garnered significant market attention over the last few months, but prior to that was highly regarded among its customer-base. Similarly, Signal Sciences is sticky with its customers, boasting a very high retention rate. The ability to lead with either edge compute or security and create traction regardless will be a strong differentiator.
This is a great move for both companies. Signal Sciences instantly gets access to many new prospects through Fastly’s customer base, and Fastly moves much closer to its chief competitors Akamai and Cloudflare by dramatically enhancing its security focus. The ability to provide strong application protection at the edge, while better enabling developers and DevOps teams should be a valuable combination.