IBM Internet Security Systems IBM Internet Scanner, Proventia Network Enterprise Scanner, and/or IBM
BIG-IP Application Security Manager
F5 Networks' BIG-IP Application Security Manager (ASM) finished a close second to IBM in this category, with strong scores for its effectiveness in preventing known attacks and/or vulnerabilities, and vendor support and service.
ASM acts as a proxy accepting traffic before it hits users, protecting applications from the gamut of Web app threats such as cross-site scripting and forgery, SQL injections, escalation attacks and more. It does so aided by a learning feature, introduced last fall, that monitors traffic, recognizes acceptable application behavior and refines security policies in real time.
Furthermore, ASM is also available as part of F5's application delivery controller, building a security policy based on the traffic it observes.
"Customers are not necessarily looking for a security appliance, but for data center optimization or application availability," says F5 technical marketing manager Alan Murphy.
Upcoming enhancements to ASM include an antievasion engine, as well as SMTP protection, and security for rich media applications.