This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."
GOLD | IBM WebSphere DataPower XML Security Gateway XS40
They say you never get fired for buying IBM. Information Security readers are in line with that thinking when it comes to securing
They made IBM's WebSphere DataPower XML Security Gateway XS40 their top choice in the application security category.
Further validating the hype over service-oriented architecture (SOA) and the standards-based XML applications around it, readers said the XS40 appliance did better than counterparts at detecting, reporting and preventing known and unknown attacks. It also scored well in integration with other security tools for remediation and reporting, and ease of installation, configuration and administration.
IBM acquired DataPower in 2005, along with its trio of products, which also includes an XML accelerator and an integration appliance. As with any SOA or Web services product, standardization is critical. In addition to the WS-* family of standards, the DataPower appliances support a newer breed, including XACML, a standard for uniformly expressing fine-grained authentication and authorization rules. This is key for SOA applications, whose machine-to-machine interactions must properly exchange credentials to ensure a secure transaction. XACML enables companies to move authorization rules from one enforcement point to another.
"CISOs are looking at SOA in two ways--one, if the security piece isn't done right, this is a huge liability, exposing the back end to new threats and unauthorized access," says Eugene Kuznetsov, founder of DataPower. "The other part is, if you do this right, your security and compliance improve at the same time."
The DataPower appliance acts as an XML proxy that can parse and validate XML schema, encrypt XML message flows and verify digital signatures. Enterprises can use it as an enforcement point for XML and Web services interactions, providing not only encryption, but firewall filtering and digital signatures.
Some of the country's leading banks have deployed the appliance to process mortgage applications using XML or Web services, validating messages and making calls to authentication systems. It's also present in the Department of Defense for internal security between different tiers of applications and filtering messages between classified networks and applications.
"Customers are increasingly recognizing that to make applications scalable to make the business agile, you can't have security architecture teams go into every application, audit and modify it to make sure it's secure," Kuznetsov says. "There is a trend of figuring how to move security to hardware or other tiers, abstracted out of applications."
SILVER | SPI Dynamics WebInspect
BRONZE | Citrix Application Firewall
Citrix's Application Firewall models application behavior, then applies policy against that baseline; any application traffic straying from the baseline is treated as malicious and blocked. In earning the bronze medal, the product scored well on preventing known attacks and vulnerabilities, as well as detecting and reporting them. It also scored consistently well in support and installation, and most respondents in this category said they were satisfied with their return on investment. Citrix touts the product's ability to learn application behavior and generate policy recommendations, and says it can be deployed as a standalone firewall or in tandem with the Citrix NetScaler Application Delivery Systems.
This was first published in April 2007