XML Security in Teros Secure Application Gateway
New Teros Gateway Provides Production-Ready Protection for Safe Deployment of Web Services
Teros Secure Application Gateway Unifies XML and HTML Security to Protect Against Application Attack and Misuse
San Francisco, CA, USA. March 08, 2004
Teros, the company that secures web infrastructures from application-level attacks, today announced a new version of its award-winning Teros Secure Application Gateway that delivers learning-based XML attack protection for safely deploying web services today. The Teros Gateway is the only appliance that simultaneously protects XML and HTML applications, while preventing the disclosure of private data that can lead to identity theft. This integrated protection eliminates the need to deploy and manage a separate security infrastructure to protect new or existing web services applications. These new XML security capabilities are available at no additional cost on all Teros Gateways.
"Traditional security infrastructures were not designed, and as such are unable, to adequately protect web services from attack," said Ray Wagner, research director, information security strategies at research firm Gartner. "Many enterprises are deploying web services alongside traditional web applications. Integrated products that enforce security policies across both types of applications hold the potential to reduce capital expenditures and deliver more consistent security."
Web services are vulnerable to many of the same threats as HTML applications, including buffer overflows, SQL injection, and denial of service attacks, and are even more attractive targets for hackers since they often connect directly to mission-critical databases and back office applications. To secure web services and the data they access, the Teros Gateway combines advanced application learning, identity theft protection and application-layer attack defenses.
Learning Engine Secures XML Inputs
Teros' adaptive learning engine learns the XML messages and data types received by applications with WSDL (Web Services Description Language) interfaces. Once correct behavior is learned, the Teros Gateway recommends constraints on application inputs to prevent attackers from inserting unexpected or malicious data that could compromise the web service. For example, the Teros Gateway will block the submission of a script to a web services port if that interface port is only expecting account numbers. By learning correct application behavior and controlling application inputs, the Teros Gateway protects against both known and unknown attacks.
Identity Theft Prevention
For web services applications that handle sensitive data such as credit card numbers, social security numbers and account numbers, the Teros Gateway ensures these data objects are never compromised by an application attack. Teros' family of SAFE modules detects the presence of protected data types in application responses and can remove or mask the information before it is disclosed. This capability is critical for organizations that are planning to broadly expose legacy mainframe or client/server applications to the Internet via web services interfaces.
Blocking Application Layer Attacks
To defend web services against defined application attacks, the Teros Gateway incorporates proven defenses against specific exploits, including buffer overflows, SQL injection, and denial of service attempts. By stopping attacks concealed in web service messages, the Teros Gateway protects not only the application, but also the application platform and server operating system.
"In our discussions with leading corporations that are adopting web services, the single most requested security capability was attack protection for XML applications," said Bob Walters, president and CEO of Teros. "The caveat, however, is that they want a single security infrastructure that can secure both their web applications and web services. The new Teros Gateway, by design, meets both these requirements."
Web Services Standards Support
The Teros Gateway delivers Deep Stream Inspection of XML traffic and provides confidentiality for web services data using ASIC-based SSL acceleration. It enables security managers to block access to any web services operation, as well as stop malicious XML inputs to an application's WSDL interface. In the second quarter of 2004 Teros will add support for emerging standards including WS Security, SAML, XML encryption, and XML signatures.
Teros Secure Application Gateways
Teros Gateways are hardened security appliances that are deployed directly in the data path of application traffic and block attacks not detected by network-based firewalls and intrusion prevention systems. Teros Gateways enforce a positive security model that only permits correct application behavior, without relying on attack signatures. Using unique Deep Stream Inspection technology, Teros Gateways analyze all bi-directional traffic, including SSL-encrypted communications, to secure application environments. In addition, Teros Gateways protect personal data and prevent identity theft by blocking private information such as credit card, social security, and account numbers before they can leak out of a web application.
Pricing and Availability
The Teros Gateway with web services security will be available later this month from Teros and its business partners worldwide. Pricing starts at $25,000 USD.
Teros develops quick-to-deploy, self-configuring secure application gateways that protect applications from known and undocumented security vulnerabilities and attacks without relying on signatures. Teros customers are Fortune 1000 companies, government agencies, and large web site operators that need to protect sensitive applications and data from unauthorized access or malicious use. Teros Gateways enable companies to comply with regulatory requirements such as HIPAA, GLBA, the California SSN Privacy Law, and SB 1386. Teros is privately held and headquartered in Santa Clara, California. To contact Teros call 408-850-0800, visit us on the web at www.teros.com, or write to email@example.com.
Marc Gendron Public Relations
Tel: +1 781-237-0341
Prepared by Robin Cover for The XML Cover Pages archive.