WhiteHat Security excels in defending web applications in production environments
Michael Novinson (MichaelNovinson) • April 27, 2022
Synopsys has agreed to purchase WhiteHat Security from NTT Security for $330 million to protect web applications in production environments in an automated and scalable way.
The Mountain View, Calif.-based semiconductor testing and application security provider said its proposed acquisition of San Jose, Calif.-based WhiteHat will provide ongoing, safe security testing for hundreds or thousands of applications on live websites, according to Jason Schmitt, general manager of Synopsys Software Integrity Group.
“WhiteHat Security is a pioneer in applying security testing as a service in a continuous and safe way for production,” Schmitt told Information Security Media Group. “Previously, we didn’t have the ability to perform continuous and scalable testing of web applications in an automated way.”
The $330 million transaction is expected to close in the fiscal quarter ending July 31 and be roughly neutral to Synopsys’ non-GAAP earnings per share in the fiscal year ending October 31. trading Wednesday (see: Synopsys, Checkmarx Top Gartner MQ for Application Security Testing).
WhiteHat CEO’s future unclear
WhiteHat Security was founded in 2001, employs 320 people and was acquired by Tokyo-based NTT Security in March 2019 for $315 million, according to LinkedIn and Momentum Cyber. The company was renamed NTT Application Security following the acquisition and has been led since April 2015 by former Hewlett-Packard Americas Networking senior executive Craig Hinkley.
Schmitt declined to comment on the number of WhiteHat employees who will join Synopsys or Hinkley’s future with the company, citing the fact that the transaction has not yet closed.
“Because it’s such a complementarity with our customer base and the portfolio that we have, it brings immediate value to our customer base,” Schmitt said. “We also see that it brings immediate value to WhiteHat customers from the tools we offer in static analysis and open source and some other areas. The ability to build this highly complementary portfolio is a unique solution for us.”
WhiteHat can both detect zero-day vulnerabilities at scale without disrupting live applications and continuously test applications in development or pre-production environments to see how they perform against known exploits, Schmitt explains. The company delivers its capabilities using a SaaS platform, which enables rapid onboarding and time to value throughout the software development lifecycle, he says.
From consulting to automation
Synopsys has historically focused on securing applications during development and before shipping by finding code-level bugs early in the process and uncovering open source risks of all kinds, Schmitt says. According to Schmitt, having security testing in production environments adds a new dimension to Synopsys’ capabilities and expands the company’s reach and operational view into live applications.
The company traditionally had to rely on consulting services to lock down production environments, but WhiteHat’s automated platform helps protect more applications in a way that simply isn’t possible when tests require a lot of manual work. Synopsys plans to preserve the offering WhiteHat customers buy today and leverage the Code Dx platform to provide a unified view of risk.
Schmitt expects many WhiteHat customers to adopt Synopsys’ Coverity static application security testing and Black Duck software composition analysis offerings so they can source all of their application security products from a single supplier. WhiteHat customers will also benefit from Synopsys’ global presence and investments in support, sales, customer success and service delivery, Schmitt said.
“They haven’t had the scale and the resources that we have,” Schmitt says. “I think the potential is very high.”
Synopsys and WhiteHat don’t have much customer overlap since Synopsys has a high concentration of high-tech and automotive customers thanks to its heritage in embedded systems and chip design, he says. That’s atypical for security companies in emerging fields, which typically focus more on industries with many early adopters such as financial services, insurance and healthcare, according to Schmitt.
From a metrics perspective, Schmitt says Synopsys primarily focuses on tracking revenue growth, employee retention, and the satisfaction of existing WhiteHat customers as well as net new customers. Synopsys aims to achieve and sustain 20% growth in its software integrity business over a multi-year period, according to Schmitt.
“The ultimate goal here is a unified view of software risk, and this is another step towards that,” Schmitt says. “It is important to emphasize the clarity of the mission of this strategy.”