GOLD | IBM WebSphere DataPower XML Security Gateway XS40
IBM
Price: $65,000
They say you never get fired for buying IBM. Information Security readers are in line with that thinking when it comes to securing
They made IBM's WebSphere DataPower XML Security Gateway XS40 their top choice in the application security category.
Further validating the hype over service-oriented architecture (SOA) and the standards-based XML applications around it, readers said the XS40 appliance did better than counterparts at detecting, reporting and preventing known and unknown attacks. It also scored well in integration with other security tools for remediation and reporting, and ease of installation, configuration and administration.
IBM, in 2005, acquired DataPower and its trio of products, which also includes an XML accelerator and an integration appliance. As with any SOA or Web services product, standardization is critical. In addition to the WS-* family of standards, the DataPower appliances support a new breed, including XACML, which is a standard for uniformly expressing fine-grained authentication and authorization rules. This is key with SOA applications, whose machine-to-machine interactions must properly exchange credentials to ensure a secure transaction. XACML enables companies to move authorization rules from one enforcement point to another.
"CISOs are looking at SOA in two ways--one, if the security piece isn't done right, this is a huge liability, exposing the back end to new threats and unauthorized access," says Eugene Kuznetsov, founder of DataPower. "The other part is, if you do this right, your security and compliance improve at the same time."
The DataPower appliance acts as an XML proxy that can parse and validate XML schema, encrypt XML message flows and verify digital signatures. Enterprises can use it as an enforcement point for XML and Web services interactions, providing not only encryption, but firewall filtering and digital signatures.
Some of the country's leading banks have deployed the appliance to process mortgage applications using XML or Web services, validating messages and making calls to authentication systems. It's also present in the Department of Defense for internal security between different tiers of applications and filtering messages between classified networks and applications.
"Customers are increasingly recognizing that to make applications scalable to make the business agile, you can't have security architecture teams go into every application, audit and modify it to make sure it's secure," Kuznetsov says. "There is a trend of figuring how to move security to hardware or other tiers, abstracted out of applications."
SILVER | SPI Dynamics WebInspect
SPI Dynamics
Price: $25,000
SPI Dynamics' WebInspect scans Web applications for vulnerabilities introduced during development; it's a tool that can help security managers eliminate the disconnect between coders and the security office. In according it the silver medal, readers said installation, configuration and administration of WebInspect were a breeze, potentially making it attractive to developers looking for tools they can use during coding. SPI Dynamics says it has re-architected WebInspect 7 to assess the security of Web 2.0 applications built on AJAX, JavaScript, Flash and other dynamic development languages and methods. The vendor says the rebuild took three years.
BRONZE | Citrix Application Firewall
Citrix Systems
Price: $45,000
Citrix's Application Firewall models application behavior, then applies policy against the baseline; any application straying from the baseline is treated as malicious and blocked. In earning the bronze medal, the product scored well on preventing known attacks and vulnerabilities, as well as detecting and reporting them. It also scored consistently well in support and installation, and most respondents in this category said they were satisfied with their investment ROI. Citrix touts the product's ability to learn application behavior and generate policy recommendations. Citrix says it can be deployed as a standalone firewall or in tandem with the Citrix NetScaler Application Delivery Systems.
This was first published in April 2007