NetContinuum Advances Trend toward Integrated Security with Industry’s First Comprehensive Web Services and Web Application Firewall
October 4, 2004 – Santa Clara, CA – NetContinuum, the worldwide leader in application firewalls, today announced the industry’s most comprehensive product available for web services and web application security and the next move in the company’s strategy to expand the role of application-layer security in a market expected to hit $2B by 2009.
Driven by both the rapid adoption of XML web services for flexible, open business process integration and the trend toward integrated security appliances, the new NetContinuum NC-1000 Application Security Gateway Web Services Edition (WSE) combines the highest protection possible for mission-critical application data with the deepest level of XML-aware security into a single, powerful ASIC-based gateway appliance — without compromising protection or performance. NetContinuum is delivering this new best-of-breed approach as part of a strategic partnership with Forum Systems, the leader in web services security (see “NetContinuum Partners with Forum Systems,” October 4, 2004). This development is expected to change the landscape for application-level security, promising customers a true best-in-class solution to address the new wave of “hidden” XML data-level attacks without forcing them to learn, deploy and manage yet another separate firewall device.
Gartner has estimated that seventy-five percent of attacks today target application-layer vulnerabilities, in large part because traditional web applications provide anyone with a browser direct access to critical business data. This threat is expected to rise considerably in 2005 with the growing adoption of XML web services. According to a new Yankee Group survey of enterprise security buyers (“Spending on Application Security Accelerates Security BPO”), web services security is now one of the top budget priorities for 2005, ahead of traditionally strong security categories such as network integrity, data security and identity management. For specific examples of XML web services threats please visit https://www.netcontinuum.com/welcome/get/page.cfm?n=webSvc.
When it comes to protecting against the combined threat of web application and web services attacks, new research also indicates that customers do not want to deploy separate security devices for each new threat. According to a new survey of Fortune 500 CSOs conducted by independent market research firm SalesRamp, 70% of all enterprise security buyers believe XML firewalls are critical, but want their existing web application firewall vendors to provide comprehensive XML security as part of a single, tightly integrated application security gateway.
“Addressing web services security requirements in isolation from existing application security implementations creates undesired and costly administrative burdens. To get the best return on their web services investment, organizations clearly require the integration of web application and web services security into a single comprehensive application layer firewall,” asserted Wes Wasson, Chief Strategy Officer for NetContinuum. “At the same time, customers expect the best of both worlds – other ‘lite’ add-ons to existing products just don’t offer the depth of features and continued innovation to protect their business.”
Industry analysts agree that a best-of-breed approach to integrating these two layers of security makes a lot of sense. “When evaluating the risk of buying from specialist vendors, users should favor those with greater breadth and depth in their go-to-market strategies,” commented Forrester analyst Randy Heffner in his September 2004 report, Web Services Landscape: Four Centers Of Gravity.
Bringing ASIC-Based Performance Advantages to Integrated Security
Because web services introduce the additional computational requirements of XML processing, software solutions running off-the-shelf hardware will not scale to meet the enterprise performance requirements of a combined web application and web services security approach. NetContinuum provides the ASIC-based processing power designed specifically to address these computational challenges.
Implemented on a robust, reliable and secure platform, the NC-1000 hosts the largest security ASIC ever built. The NC-1000 Application Security Gateway is the only application firewall on the market designed from the ground up with strict data center requirements in mind. Integrating web application and web services security functionality on the same powerful platform, the NC-1000 WSE leverages the comprehensive suite of security features, including SSL acceleration, access control, and data theft protection, to provide the highest level of protection and performance available for web and XML-enabled applications.
NC-1000 WSE: Enterprise-Class Web Services & Web Application Firewall
The NC-1000 WSE includes all features of the award-winning NetContinuum Application Security Gateway with all features of the award-winning Forum XWall web services firewall in a standards-based, single footprint solution with a consistent management interface and integrated audit trail, allowing organizations to streamline deployment times and lower administrative costs.
The new XML web services benefits include:
XML Threat Protection:
* Easy to secure web services at the perimeter without having to learn all the details of XML
* Methods-based approach stops the underlying methods used to compromise XML-enabled applications, preventing even unknown or “accidental” XML threats
* Web Services Cloaking masks the true internal URI of mission-critical web services, making them more difficult for hackers to target
* Automatically validates XML schemas to ensure full compliance to the protocols and specifications governing their use
* Inspects and validates SOAP envelopes, headers and message content to ensure that all web services are correctly formed
* Conducts full XML content inspection, looking for policy violations such as oversized messages, unexpected field values and inappropriate external references
* Ensures that all web services transactions conform to extensive WS-I Basic Profile requirements for security and interoperability
* Protects against targeted XML attacks such as SQL injection, XQuery injection, and XML rerouting as well as XML Denial of Service (XDoS) threats such as coercive parsing, external entity attacks, jumbo payloads, and recursive elements attacks
Web Services Deployment and Controls:
* Lets security administrators set tight limits on web services usage without having to learn all the details of XML
* Gives security managers a single consistent interface for managing web application and web services security
* Allows application developers to safely extend new web services to partners without compromising perimeter security policies
* Allows developers to roll out secure web services in hours instead of months
* Leverages existing access control infrastructure to allow rapid deployment of new web services with no risk
* Lets security managers control access to enterprise web services based on user ID, URLs and individual SOAP messages
* Provides detailed, integrated logging and audit information for all web application and web services events
* Helps IT operations avoid costly unscheduled patching of application servers to cover new exploits
Pricing and Availability
Pricing for the NetContinuum Application Security Gateway Web Services Edition (WSE) begins at $39,000. Current NetContinuum customers can purchase a software upgrade to the new Web Services Edition for $10,000 for each of their existing NetContinuum application firewalls. The integrated product will be released to early access customers in December.
About NetContinuum, Inc.
NetContinuum is the leading provider of ASIC-based application firewalls that deliver the highest level of application protection available. The NetContinuum Application Security Gateway product line reduces the risk of data theft, financial fraud and loss of customer confidence due to web application attacks. It is the only product on the market to pass rigorous independent certification from ICSA Labs against both network and application-layer security threats, including data theft, cross-site scripting, SQL injection, command execution, information disclosure and authentication bypass. NetContinuum boasts an impressive customer base comprised of Fortune 1000 enterprises, government agencies and service providers. For more information, please visit www.netcontinuum.com or call 408-961-5600.