A battle is brewing between traditional firewall players and a new breed of XML-application firewall vendors as both push
wares that promise to protect enterprises from the security threats Web services may bring.
Analysts say that whereas most of the mainstream firewall players, such as Symantec, Network Associates, Cisco, and even
Microsoft, rest on their laurels, a group of startups is emerging to take dead aim at securing Web services.
Stepping forward on Tuesday, Check Point Software Technologies will be the first of the stalwarts to make a move in the
Web services sector when it unveils a SOAP and XML strategy within its FP3 (Feature Pack 3) software upgrade. Due next month,
FP3 will include SSL VPN capabilities and stateful inspection of SOAP and XML traffic within HTTP and HTTPS, said Neal Gehani,
senior product manager at Redwood City, Calif.-based Check Point.
FP3 will enable Check Point's products to provide an integrated network and application layer that performs authentication,
routing, QoS (quality of service), and management of Web services transactions and messages.
"With XML firewall [vendors], you're not taking into account breaching of the network layer; you're getting to the application
[security] filter," Gehani said. "It's too late by then."
Matthew Kovar, an analyst at Cambridge, Mass.-based The Yankee Group, said that Check Point has yet to be tested against
new applications that require a stand-alone proxy. Kovar also questioned whether the company has the expertise to identify
all the types of malicious activity that Web services and their protocols may bring.
"Can [Check Point] identify patterns in the anomalies?" Kovar asked. "They haven't done it in the past, and it will be a
challenge for them going forward."
Kovar added that competitor Cisco has much to gain but could fall flat as it digs its heels into a muddled security
posture around Web services. "They're the ones who have the most to lose in this space, and they don't even know it. I honestly
don't know where they're going," he said.
Officials from San Jose, Calif.-based Cisco declined to comment for this article.
Smaller players, meanwhile, are moving forward.
Last week, XML firewall upstart Quadrasis introduced its SOAP Content Inspector, an entry-level point for customers to wrap
authentication, authorization, and alerts around bidirectional SOAP and XML messages. The software product offers a proxy-based
approach that does not depend on a Web server, and it supports fledgling Web services security standards such as WS-Security,
Microsoft Passport, and SAML (Security Assertion Markup Language).
Its SAML-assertion capability makes SOAP Content Inspector a cut above the competing XML firewalls flooding the market,
such as those from Vordel, Westbridge Technologies, and Reactivity, said Jason Bloomberg, a security analyst at ZapThink,
a Web services research company in Boston.
Yet Mark O'Neil, CTO of Boston-based Vordel, said that the binding of SAML and WS-Security is very much a "work in progress"
and may pigeonhole authentication efforts. "If we support that before [it is a standard], we won't be interoperable with anyone,"
O'Neil said.
Indeed, Yankee's Kovar said that much remains unknown about Web services security. "We just don't know yet enough about
how [Web services] vulnerabilities will be combined; how threats will be created; and how hackers will take advantage of weaknesses
in the system," Kovar said.