Competing Security Vendors Join Forces and Create Industry Initiative to Make the Web Safer
WASHINGTON D.C., CSI Conference, Nov. 9, 2004 – Today at the Computer Security Institute’s 31st Annual Security Conference and Exhibition, the leading vendors in the application security market announced they have joined forces to help define more consistent and reliable standards for customers. Jeff Pancottine, Senior Vice President and GM, Security Business Unit for F5 Networks (NASDAQ: FFIV), Shlomo Kramer, CEO of Imperva, Gene Banman, CEO of NetContinuum and Bob Walters, CEO of Teros have invited Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee and Symantec to join them in submitting their products to an independent application security evaluation conducted by ICSA Labs, the global leader in information security product certification.
“With a wide array of security technologies to choose from and a lack of criteria for what constitutes adequate application protection, selecting appropriate solutions to protect the Web-enabled enterprise is daunting,” said Mary Ann Davidson, chief security officer for Oracle Corp. “Objective, independent standards for evaluating Web application security solutions will make it easier for IT security executives to make better informed purchasing decisions.”
According to a joint statement issued by the companies: “Each of our companies offers architecturally different solutions, and we compete with each other in the marketplace. At the same time, we are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications. We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web.”
“This kind of multi-vendor collaboration is a positive development for buyers of application security. Like the established test criteria for network firewalls, a standard set of baseline criteria for application firewalls can be helpful in reducing the effort in product selection. Maintaining vendor neutrality will be a critical success factor for this effort moving forward,” said Greg Young, research director with Gartner Inc.
Application security is slated to become a $2 billion market over the next five years according to a recent industry survey by research firm Yankee Group (“Spending on Application Security Accelerates Security BPO,” September 2004). However, the lack of established industry best practices, combined with inconsistent and confusing vendor claims, has made it difficult for IT decision makers to identify products that provide legitimate protection against Web application exploits. The result is a greater risk of identity theft and security breaches that expose confidential data and violate customer confidentiality.
“Web applications often link directly to sensitive business data, making them a prime target for hackers intent on stealing financial and identity data. Organizations that do not take this threat seriously expose themselves to significant risk and increased legal liabilities,” said Jim Slaby, senior analyst at The Yankee Group. “Open initiatives by vendors to self-regulate their industry benefit customers by helping establish minimum baselines for comparing security products and sorting through sometimes confusing marketing messages.”
To assist security buyers, ICSA Labs Premier Services will carry out an independent third-party evaluation of products that purport to provide application security.
Web Application Security “Challenge” Details
Formal invitations for the Web Application Security Challenge have been extended to Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee and Symantec. In order to accept this challenge, vendors must notify ICSA Labs of their intent to participate by November 22, 2004. ICSA Labs has reserved testing resources to accommodate these evaluations, which are open only to currently shipping products. The results of all vendors who accept and successfully pass the Web Application Security Challenge will be posted on the ICSA Labs web site at the conclusion of testing. The testing criteria for the Web Application Security Challenge are available for review at http://www.icsalabs.com/services/AppSec_Requirements.pdf
Teros is the global leader in application security. The company’s mission is to guarantee the availability, integrity, and performance of Web and Web Services-enabled applications by defeating all known and unknown application attacks and accelerating application performance. Global 1000 corporations, small and medium-sized enterprises, and government agencies rely on Teros to secure critical applications, as well as protect sensitive corporate and customer information. Teros is listed as a “visionary” company in Gartner’s Magic Quadrant for enterprise firewalls and is named a “winner” in the rapidly-growing application security gateway market by Yankee Group. Teros is privately held with headquarters in Santa Clara, California. To contact Teros call 408-850-0800, visit us on the web at www.teros.com, or write to email@example.com.
NetContinuum is the leading provider of ASIC-based application firewalls that deliver the highest level of protection available for web applications and web services. The NetContinuum Application Security Gateway product line drastically reduces the risk associated with doing business over the web and is the only product on the market to pass rigorous independent certification from ICSA Labs for protection against both network and application-layer security threats, including data theft, cross-site scripting, SQL injection, command execution, information disclosure and authentication bypass. NetContinuum is listed as the most “visionary” company in Gartner’s Magic Quadrant for enterprise firewalls and is named a “winner” in the rapidly-growing application security gateway market by Yankee Group. NetContinuum boasts an impressive customer base comprised of Fortune 1000 enterprises, government agencies and service providers. For more information, please visit www.netcontinuum.com
Imperva developed the first Dynamic Profiling Firewall™ to provide total application security – including protection from Web application, database, and worm attacks – with no manual configuration or tuning. The firm’s SecureSphere gateway appliances are deployed in leading financial, healthcare, and retail organizations around the globe. Imperva is named a “winner” in the rapidly-growing application security gateway market by Yankee Group. Led by Shlomo Kramer, a Check Point Software Technologies founder, Imperva is privately funded by Accel Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com
About F5 Networks
F5 enables organizations to successfully deliver business-critical applications and gives them the greatest level of agility to stay ahead of growing business demands. As the pioneer and global leader in Application Traffic Management, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user – anywhere. Through its flexible and cohesive architecture, F5 delivers unmatched value by dramatically improving the way organizations serve their employees, customers and constituents, while lowering operational costs. Over 6,000 organizations and service providers worldwide trust F5 to keep their businesses running. The company is headquartered in Seattle, Washington with offices worldwide. For more information go to www.f5.com.
About ICSA Labs Premier Services
ICSA Labs, a division of TruSecure Corporation, offers vendor-neutral testing and certification of security products. Hundreds of the world’s top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The Premier Services group within ICSA Labs provides security product vendors with private and public evaluations performed by the industry’s most respected experts. Premier Services also offers evaluation testing for corporations and end-users looking to analyze the myriad of offerings within a technology space.
As a part of ICSA Labs Premier Services, ICSA Labs has created the Premier Services Alliance program that consists of a select group of industry-leading vendors that provide products, services and proprietary methodologies to complement the testing and certification process. SPI Dynamics, the expert in Web application security testing and assessment, is a founding partner of the ICSA Labs’ Premier Services Alliance program. As a part of the program, SPI Dynamics provides ICSA Labs with unequivocal expertise and intelligence on Web application vulnerabilities and threats through direct access to SPI Dynamics’ distinguished internal research and development team of top security experts, SPI Labs (http://www.spidynamics.com/SPILabs/index.html).