Two significant events in the database security market occurred this week. On the one end of the spectrum Guardium, a late stage database security startup, was purchased by IBM for $225 million.

Mathieu Dessus has create a patch for WAFWOOF, a tool that identifies WAFs remotely using fingerpriting to identify Imperva SecureSphere. As far as I understand the patch simply checks that the HTTP response version is 1.0. I am not sure and would appreciate any comment on why this would identify a SecureSphere.

SearchSecurity is running a story about Agilent use of WAFs. Agilent bought WAFs for PCI compliance but found that they are very useful for providing insight to data flow and sensitive information in the organization.

As usual, RSA is the time of year companies choose for major announcements. The WAF announcements this year focus, following the general computing trend, around cloud computing:

• Art of Defense, a WAF vendor from Germany, has launched its SaaS WAF solution which target mostly service providers and SaaS vendors.
• Savvis, a web hosting turning into cloud services company, has added WAF in the cloud offering based on Imperva SecureSphere WAF.
• SecureWorks, a managed security services provides, announced full management for Imperva SecureSphere and monitoring for other WAFs.

Two challenges facing WAFs in the cloud are bandwidth and complexity.