Overview

Cenzic at a Glance

Founded:	June 2000 – Privately held
Overview:	Cenzic provides software and SaaS products to protect Websites against hacker attacks. Unlike network security and SSL solutions, Cenzic tests for security defects at the Web application level where over 75% of attacks occur. Our dynamic, black box testing of Web applications is built on a non-signature-based technology that enables us to find more “real” vulnerabilities.
Products:	Software (Cenzic Hailstorm Enterprise ARC and Professional) SaaS (Cenzic ClickToSecure) Services (training courses and assessment methodology)
Awards:	Tomorrow’s Technology Today Award (InfoSecurity Products Guide, 2009) Top Hot Companies Award (Network Products Guide, 2009) Best Buy Award (Information Security Magazine, 2008) Global Excellence Award Winner (InfoSecurity Product Guide, 2008)
Management:	John Weinschenk, President and Chief Executive Officer Warren Bell, Vice President, Sales and Operations Lars Ewe, Chief Technology Officer & VP of Engineering David Ferguson, Vice President, Finance & Administration Steve Gibson, Vice President, Business Development Mandeep Khera, Chief Marketing Officer
Investors:	Cenzic is funded by Advanced Technology Ventures, Hummer Winblad Venture Partners, JK&B Capital, Mohr, Davidow Ventures, and Symantec Corporation.

Cenzic Background

Cenzic was incorporated in June 2000 in Santa Clara, California to help secure networks and Web applications against hacker attacks. However, in 2002 the company decided to focus solely on Web applications. After successfully competing against other first-generation Web scanners, Cenzic decided to completely re-start its product development efforts and build a brand new technology backbone from the ground up. This effort began in 2003 and in February 2006, Cenzic debuted its “next generation” product architecture that is a truly unique technology (we’ve termed as “Stateful Assessment™), rendering more accurate results than any other Web scanner vendor in the market. We consider ourselves the Google of the security industry – ahead of all others.

As of January 2009, Cenzic employs over 65 people and has more than 500 companies using its software and SaaS solutions including many Fortune 500 organizations. Cenzic is privately owned.

About Cenzic

Cenzic provides software and SaaS products to protect Websites against hacker attacks. Unlike network security and SSL solutions, Cenzic tests for security defects at the Web application level where over 75% of attacks occur. We’re like a “hacker in a box”.

The winner of numerous, independent awards including SC Magazine’s Best Buy, Cenzic goes beyond signature-based tools to find more “real” vulnerabilities. Until now, this level of accuracy and speed could not be obtained, even through methodical, manual assessment by security consultants. Cenzic can automatically find the most threats fast with the fewest false positives —across any enterprise application—legacy or new.

Cenzic Products

Our flexible product model is a unique differentiator in the security industry. Cenzic offers clients a choice of software, SaaS, or a combination of both products (our hybrid offering). This is a huge benefit as it gives you the ultimate flexibility in managing your Web application risk, as IT resources and security knowledge are ever-changing.

SaaS:

For companies who need a cost-effective way to test their Web applications remotely, use Cenzic’s SaaS model. It’s designed for firms who understand they could be vulnerable, but don’t have the resources or the budget to act. It’s the best way to “kick start” your security posture, as you’ll get a report from Cenzic in just one week on your vulnerability status.

• Cenzic ClickToSecure ARC

Software:

Cenzic offers traditional software (enterprise and desktop) so you can run your own assessments behind the firewall to find the latest security defects.

• Cenzic Hailstorm Enterprise ARC
• Cenzic Hailstorm Professional

Hybrid Model:

Cenzic offers a hybrid solution of both SaaS and software products. This approach is used by organizations wanting to deploy software in-house but need to supplement their resources due to the large volume of Web applications. Both products are seamlessly integrated and results are compiled in a Web-enabled, intelligent dashboard.

Professional Services:

Cenzic’s professional service offerings are geared to help information security teams get up and running with best practices and procedures for securing their Web applications.

• Training
• Assessment Methodology

Key Customer Benefits

By using Cenzic to help secure your Web applications, you’ll realize the following benefits:

• Improved security posture for all Web applications tested
• Reduced risk and liability
• Reduced costs for security assessment
• Reduced development and testing costs
• Faster time-to-market for internally developed applications

Market, Customers, and Partners

Cenzic targets government agencies and corporations that use the Internet to execute key business functions. Many of Cenzic’s customers today are from financial services, e-retail, technology, and government sectors.

Cenzic has partnered with various leading-edge solutions to provide customers with a complete solution for the software development life cycle (SDLC), including HP (Mercury) for Q.A., Borland for development, Ouncelabs for source code scanning, and Imperva for Web Application Firewalls (WAFs).

Cenzic Technology

As discussed above, Cenzic’s technology goes beyond a signature-based approach by emulating a true hacker with a Stateful Assessment™ approach that maintains the state of the application while attacking the application at the browser level. This approach allows Cenzic’s solutions to be the only ones to find all critical vulnerabilities, including application logic tests such as session hijacking, strong passwords, and privacy policy validation, on top of all the core vulnerabilities such as XSS, Buffer Overflow, SQL Disclosure, and others. Furthermore, only Cenzic solutions can test for vulnerabilities across all types of applications, including commercial and proprietary applications, and Web infrastructure.

This non-signature-based approach has made Cenzic solutions the most accurate in the industry, with very few false positives and false negatives.

Why Network Security Is Not Enough

Businesses and government increasingly rely on Web-based applications for business transactions. But due to their open nature, they contain a plethora of security vulnerabilities.

Traditional application security solutions have focused on solving perimeter security issues with tools such as Firewall, Intrusion Detection System (IDS), Anti-Virus, and Network Vulnerability Assessment. These security tools, although effective in their own right, do not address the security vulnerabilities exposed through Web applications -- Ports 80 and 443 (SSL) -- that must be left open to conduct business.

CIA Research

Our customers also get the benefit of our leading-edge research lab, Cenzic Intelligent Analysis (CIA). The lab focuses on evaluating new security vulnerabilities in both commercial and common applications, and feeding custom attack objects into the SmartAttacks™ Library, which is then pushed out regularly to our customers.