Qualys launches open source firewall project

Qualys opens up on a web application firewall project, admitting it is taking a risk with competitors.

Firewall

Qualys has announced an open source project to design a superior web application firewall.

Codenamed IronBee, the initiative will see security professionals share ideas under the Apache Software Licence v2.

Qualys was inspired to start the project due to the rise in the use of web apps and the emergence of cloud computing, which together have opened up businesses to even more threats.

"No single company alone can fight the sophistication of attacks we are now facing," said Philippe Courtot, chairman and chief executive (CEO) of Qualys.

Akamai Technologies has already signed up, but there was no word on what products either company would commercialise at the end of the project.

Ivan Ristic, director of engineering at Qualys, told IT PRO the end goal is to produce an exceptional product that the company can take to market and he was not concerned about sharing code with competitors.

"There is certainly a risk for us for someone else to use the code and create a rival product, but we are willing to take that risk," Ristic said.

"A large part of this project is going to be information sharing on threats, on what the bad guys are doing, etc."

Although he could not give any precise figure, Ristic said Qualys has poured a significant amount of investment into IronBee, with three people working full time on the project and another threat researcher set to join soon.

By making IronBee open source, businesses will also benefit as any product coming out of the initiative would not lock firms in with the vendor, Ristic said.

Qualys hopes to have whatever comes out of the project in production by the third or fourth quarter of this year, Ristic said, pointing out "you have to make your money somewhere."

"Open source doesn't have anything to do with business," he added.

Elsewhere, Qualys has been busy at the RSA Conference USA 2011, where the firm again indicated it is running a noticeably open operation.

For instance, the firm announced QualysGuard Vulnerability Management can now integrate with Trend Micro Threat Intelligence and Trend Micro Deep Security.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
Can Pat Gelsinger get Intel back on track?
chief executive officer (CEO)

Can Pat Gelsinger get Intel back on track?

13 Jan 2021