AppScan, an Application Security Visionary

Recently Gartner released their 2020 Magic Quadrant report for Application Security.  I wanted to provide some context and commentary as to why I believe that you are in great hands with HCL AppScan.  This is my 15^th year working as part of the AppScan team. I originally joined Watchfire back in January of 2007 and later that year, moved to IBM as part of the AppScan acquisition. Needless to say, I have seen a lot during the past 15 years. I was there in the glory days when AppScan was repeatedly considered by customers and analyst firms as an industry leader, and I was also there through the less glorious years when some customers questioned our commitment to the business.

Truth be told, there was uncertainty around AppScan after the partnership with HCL was announced in January 2017. At that time, like many of our customers, I wasn’t sure what will this partnership mean. Was HCL going to invest in the product or simply form a business supporting its large loyal customer base?  With that uncertainty, coupled with whispers from  competitors, it wasn’t a big surprise to hear concerns around the future of AppScan, and our ability to execute on its vision.

However, just as uncertainty can lead to doubt, it can also lead to great promise.  Over three years have passed since the original partnership with HCL, and I can proudly say that a lot of promise has been realized since that day in 2017. HCL has shown a tremendous commitment to the AppScan business, removing any doubts I had. As just one example: since March of 2017, HCL grew the size of the development team by more than 2.5X, the security research team by 4X, doubled the product management team, and we are still growing. All this hard work and investment in the product culminated earlier this year with the release of AppScan V10, our first major version under the HCL brand with its Fast, Accurate Agile Security Testing.

AppScan V10, with its new passive IAST offering, Test Optimization, Incremental DAST scanning, AI powered SAST, AppScan CodeSweep and many more enhancements was released only 9 months after the official transition to HCL.  An impressive release on its own, but what is even more remarkable is that the team did this transitioning to the new company without disrupting our customers. In fact, our customer satisfaction, as measured by NPS, grew by 80%. Just last week a Senior Director of Cybersecurity in a large insurance company sent me the following note:

 “We have been an AppScan customer for many years now, but it wasn’t until the recent HCL acquisition that we really began to see a concerted investment in the technology. Over the past year or so the number of enhancements has been great, and the roadmap provided by HCL aligns directly with our application security strategy. We look forward to the continued partnership with HCL.”

With all this great news, you might ask, “Why then did the Gartner analysts decide not to include AppScan in the Leaders’ quadrant?”  We think that there are two reasons worth addressing.  First, I can acknowledge that for a new player, with no brand recognition, it can be much harder to acquire new customers. Second, the analysis was done prior to the release of AppScan V10, the launch of a new IAST technology and before we could fully demonstrate successful execution in winning new business.

However, I am pleased to say that it was not just our existing customers who embraced the change to HCL. In the first 9 months since AppScan transitioned to HCL on July 1^st, 2019, AppScan has acquired more than 70 new customers, including in regions where our previous footprint was very small. These customers saw the investment by HCL, the commitment to customers’ success and the unique value AppScan’s breadth of technologies and innovations could bring to their business and so, decided to join our family.

None of our V10 product improvements could contribute to our early 2020 evaluation. So, AppScan was measured on a major version of the product that was 6 years old, with point release enhancements.  In spite of this fact, HCL AppScan was highly rated on both DAST & SAST the two most common scanning technologies .

We feel that the placement we received in the Visionaries quadrant affirms our commitment to innovation and the investment being made in our technologies. If you would like to learn more about V10, and the new AppScan, don’t hesitate to reach out.