Many thanks for your comment. I should clarify my statement, which perhaps falls victim to its comma! I was speaking about network level to application integration. I do remember WebCohort, as I recall it isn’t an in-line solution, and works at the higher layers of the OSI stack (different to F5′s solutions, which start from the transport layer). In that respect, I agree with you – application and database security have been integrated for a while.

The interesting evolution is combining deep-inspection and application level gateway technologies (ie security with in-depth understanding of the application), with very high performance in-line packet filtering/load balancing technologies (1 and even 10Gig interfaces are increasingly common at the web front end).

Traditionally it has been a choice between either speed or performance. On-line data centres need both. Different product sets working together to combine the two is relatively new development – although Juniper Networks and Cisco Systems have been doing little pieces for a while, especially to support blocking DDoS attacks.

However, I would like to correct this statement:

“While much has happened to deliver more integration between the lower network levels and applications, no-one has really tackled the problem of integrating application and database security – at least not in the web application space.”

Imperva’s first commercial release of SecureSphere in 2002
(We were called “WebCohort back then…the link is here http://www.imperva.com/news/press/2002-oct-30.html) actually did just that. Since then, we’ve come a long way in improving on the functionality and we have hundreds of customers using SecureSphere to protect the full stack, including both the application and the database. Our product line has won awards both for Web Application Firewall and Database Security.