Imperva, the security company best known for its database security offerings, is buying Distil Networks, a bot security vendor that also brings it API security. Ovum sees further evidence of the trend for DDoS mitigation and web application firewall (WAF) vendors to add bot and API security.
Bot security needs to sit in a broader portfolio
Founded in 2011, Distil was an early pioneer in bot security and has several hundred customers. The market has matured in recent years, with major players such as Akamai and Cloudflare now offering the capability as a service alongside their DDoS mitigation and WAF services. Akamai also offers API security, and Cloudflare has it on its roadmap.
Other players in DDoS and WAF, such as Radware, have also been acquiring capabilities in bot security, and Oracle acquired a bevy of cloud-based capabilities with last year's purchase of Zenedge.
There is clearly a convergence underway in the market, whereby companies with one of the four capabilities are either developing or acquiring to add the others in order to offer a consolidated portfolio for the protection in particular of web (WAF and bot) and cloud (API) assets (with DDoS mitigation covering both environments), as well as on-premises infrastructure.
In this scenario, Distil had begun to look a little short of functionality. As such, acquisition by Imperva, which already has a DDoS service and WAF technology, puts the combined companies' offering on a par with those of various other players in this space.
On the Radar: CDNetworks targets SMEs with its security services, INT003-000027 (January 2018)
On the Radar: Zenedge offers web application security services from the cloud, INT003-000010 (November 2017)
On the Radar: Distil Networks, IT0022-000496 (August 2015)
"Radware adds bot security with ShieldSquare buy," INT003-000314 (January 2019)
"Oracle jumpstarts its cloud security offerings with Zenedge acquisition," INT003-000053 (February 2018)
Rik Turner, Principal Analyst, Infrastructure Solutions