Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today announced that it has entered into a definitive agreement to acquire Sqreen, a SaaS based security platform that enables enterprises to detect, block and respond to application level attacks. The addition of Sqreen’s application security capabilities will provide development, security and operations teams a unified platform to deliver and manage secure and resilient applications.
Modern application security vulnerabilities range from oversights in how code was written to configuration issues in underlying infrastructure. However, these issues are complex to detect, prevent or troubleshoot, because application security crosses lines of responsibility between developers who write the applications, operations teams who run them, and security teams who are responsible for securing these applications. Sqreen’s proven application security management platform provides Runtime Application Self-Protection (RASP) and in-app web application firewall (WAF) that is already utilized by hundreds of development, operations and security teams in production to detect and block code level exploits while allowing legitimate traffic.
“The application layer is currently one of the most vulnerable and exploitable attack surfaces,” said Olivier Pomel, CEO, Datadog. “In combining Sqreen with Datadog, we plan to close the gap between application developers and security teams and provide our customers robust application security, without the disjointed visibility, high implementation costs and steep learning curve of traditional application security products.”
“Today’s announcement marks an exciting new chapter for Sqreen that will enable us to deliver on our mission of creating a more secure future for all organizations,” said Pierre Betouin, CEO, Sqreen. “As part of Datadog, we will be able to accelerate the way we build security tools that automate application protection, threat detection, and security monitoring to deliver more value to customers.”
According to 451 Research, part of S&P Global Market Intelligence, security is a team sport, meaning security professionals within an enterprise will be called upon to work in a matrix with a number of different functional teams. This approach is common in endpoint management and network security, and it’s increasingly going to be part of the management of cloud infrastructure. Application security is no different – security’s reason for existence is the implementation of processes to protect the enterprise from a host of threats, and thus that team typically holds budget, implementation expertise and the motivation (via how it is measured) to insist on continuous process improvement around the protection of information. Enabling other teams by federating certain day-to-day activities can further this mission, but it doesn’t absolve information security from, in the context of application security, ensuring tools work for developers, making sure tools are being used and run, and reviewing the status of vulnerabilities.1
The transaction is subject to certain customary closing conditions, including receipt of required regulatory approvals, and is expected to close in Q2 2021.