Timing is everything when it comes to the success of a new technology. Get into the market too early and you will be faced with some tough choices on how to keep going until the market arrives. Get in too late and you have to invest heavily while hoping that you can catch some crumbs. History has proven that in each case it is highly unlikely that you will lead your market. However, timing a market is close to impossible so luck is probably the main factor to get the timing right.
The original Fortify Software team knows this more than most. In 2002 founder and CTO Roger Thornton had the genius vision that application security would be a very large component of the information security landscape. Along with his partners, Roger built the first set of real application security products for the enterprise and quickly defined Fortify as the market leader in this new technology sector. The company was successfully sold to HP in 2010 to become HP Fortify.
When Roger and I met for the first time earlier this year, one of his first comments was “Fortify was great, but it was too early. You guys are doing it the right way and at the right time”. At the time, I did not really understand what he meant. I saw Fortify as a success like everyone else. But after spending some time with Roger, I realized that the scanning component of Fortify was only meant to be a small part of a much bigger picture.
The real innovation was their runtime product, which has now evolved into HP Application Defender. The Fortify Runtime product was a great piece of technology but customers were simply not ready to embrace it. It was one thing to sell scanners to developers to improve the quality of their code; it was another challenge to displace network appliances with a software solution in a network-driven environment.
In 2005 the market turned towards WAF’s and Imperva and others started winning in the application security category. Security groups, usually populated primarily by engineers with a network-oriented background, did not see the need for an application security solution that would be embedded in the application and work at runtime.
That really only started to change in 2013….
That year, Kunal, my co-founder, and I decided to create Prevoty. At the time we truly did not have a clue that Prevoty would be competing with HP’s runtime product, or even that we would become an enterprise application security company. All we knew was that WAF’s did not protect applications against application layer attacks. Having a lot of experience working with WAF’s, Kunal knew with certainty that the application could only be truly protected from inside the application itself.
That’s when luck comes into play. We had the same hunch that Roger had 10 years earlier: we must protect applications at runtime. In 2013 we did not know that the market would be ready for that but we fought our way into every possible security group to get feedback and evangelize.
Two years later, Prevoty is a 2015 Gartner Cool Vendor in Security Infrastructure Protection and RASP, or Runtime Application Self-Protection, is the only application security technology with a “Transformational” rating in the latest Gartner Application Security Hype Cycle. Their highest rating.
So how does `love at first sight’ come into play?
We are a real company now, with amazing employees, customers, investors, and partners, and there are a number of significant new responsibilities that come along with that. One is that we need a strong Board of Directors. In addition to Kunal and myself, we have been extremely fortunate to secure Board members Steve Krausz, General Partner at our lead investor USVP, and Shinya Akamine, Founder of Core Venture Group who represents our seed investors. They are outstanding investors, advisors and friends.
For good governance, the Board decided that we also need an additional independent board member. So we looked for someone who had seen it all in application security and could provide deep insights into our journey….
Enter Roger. When Kunal first met Roger, he fell in love - a meeting of genius technical minds sort of love, but love nonetheless. When I met him, I too fell in love but for different reasons: Roger has a great business brain and we both hate losing.
Roger brings the perfect balance of business and technology knowledge and the prefect balance between past and current successes with Fortify and now with AlienVault. Roger wants to win big, and wants a second chance at realizing his vision for runtime application security.
We are so lucky that he accepted to take that chance with Prevoty by joining our Board. Thank you, Roger, and welcome to the Prevoty team.
Read the full press release.