Search This Blog

Wednesday, September 28, 2005

Closing breaches in application security

NETWORK WORLD NEWSLETTER: SCOTT CRAWFORD ON NETWORK/SYSTEMS
MANAGEMENT
09/28/05
Today's focus: Closing breaches in application security

Dear security.world@gmail.com,

In this issue:

* Breach Security's approach to security
* Links related to Network/Systems Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Nortel

Introducing the Nortel Applications Center. An open, multimedia
applications
suite created to streamline your applications environment and transform your

business communications.
http://www.fattail.com/redir/redirect.asp?CID=115897
_______________________________________________________________
IS IT THE NETWORK OR THE STORAGE THAT'S THE PROBLEM?

Midsize and larger businesses often find their IT topology has become a
complex mix of servers, networks and storage systems. Many of these
companies also route long-haul traffic over fiber-based networks -
metropolitan-area networks, WANs and private optical networks. Who's
responsible when a storage-related problem occurs on a fiber network?
For more, click here:
http://www.fattail.com/redir/redirect.asp?CID=115693
_______________________________________________________________

Today's focus: Closing breaches in application security

By Scott Crawford

The evolution of Web-based enterprise application technologies
has been one of the hotter topics in IT this year. For security
managers, however, this enthusiasm strikes a familiar and
disturbing chord. To them, the rush to place exciting new
features and functions into production has also had an
unfortunate history of exposing serious security issues before
their implications are well understood.

Their fears remain well justified. Application attacks are on
the rise, in part because their defense is a moving target. By
definition, custom code differs from application to application.
Input and output can be specific to each individual transaction.
The challenges are great: defenses must have deep knowledge of
application structure, yet must also be broad enough to embrace
a wide range of exploits.

Today's approaches to application defense largely revolve around
two domains: code analysis and operational protection. That
these two camps have become distinct is unfortunate, because
what goes into application code has a direct impact on the
effectiveness of operational defense.

We are beginning to see this gap being bridged, however, and one
of the first vendors to do so is the aptly named Breach
Security.

While other approaches to operational defense employ inline
firewalling, Breach represents an evolution of the field with a
more distributed, multilayered approach. The readily deployed
appliance form factor of Breach's BreachGate WebDefend does not
sit directly in the application data path, which would
potentially affect application availability - something which
has required application firewalls to become application
acceleration and delivery platforms as well. Instead, BreachGate
WebDefend listens to traffic and deploys countermeasures through
multilayered techniques such as blocking at a perimeter firewall
or dropping a connection at a server.

The BreachGate WebDefend appliance can devote its resources to
analytics that give operational administrators as well as
application developers and managers a more detailed view into
the actual state of application security than many alternatives.
Aided by what Breach terms BreachMarks that apply pattern
recognition to potentially sensitive outbound information, a
broad range of out-of-the-box application security policies can
be deployed as-is or modified as needed. This policy-based
threat recognition is combined with behavior-based analysis in a
technology Breach calls Adaption, which correlates normal HTTP
request-response pairs that allow it to "fingerprint" normal
application behavior and recognize variations that may indicate
a security event.

BreachGate WebDefend's event viewer allows substantial drilldown
on these events, providing the context in which an event is
detected, as well as substantial background information. This
helps bridge yet another critical gap in application security
management: the differences in understanding between developers
and operational security managers. Defenses leverage the
existing application and security architecture, through the
distributed, multilayered blocking techniques that can be
applied at key control points.

For application developers and managers, BreachGate WebDefend
offers substantial visibility into application security as it
really is in operation, providing real-world visibility into the
practical application of secure development. For operational
security specialists, the product enables them to communicate
more effectively with application teams, helping to facilitate
more realistic security enforcement.

For the enterprise, it represents a substantial step toward
closing the many breaches that continue to aggravate the
challenge of application security. Give Breach a visit
http://www.breachsecurity.com/ - they're definitely worth a
look.

The top 5: Today's most-read stories

1. Skype: Hazardous to network health?
http://www.networkworld.com/nlnsm7826
2. How to solve Windows system crashes in minutes
http://www.networkworld.com/nlnsm7617
3. Commuting costs drive up telecommuting
http://www.networkworld.com/nlnsm7827
4. McAfee,?Omniquad top anti-spyware test
http://www.networkworld.com/nlnsm6907
5. The rise of the IT architect
http://www.networkworld.com/nlnsm7020

_______________________________________________________________
To contact: Scott Crawford

Scott Crawford, CISSP, is a Senior Analyst focused on IT
security, systems and application management with Enterprise
Management Associates in Boulder, Colo., an analyst and market
research firm focusing exclusively on all aspects of enterprise
management systems and services. The former information security
chief for the International Data Centre of the Comprehensive
Nuclear-Test-Ban Treaty Organization in Vienna, Austria,
Crawford has also been a systems professional with the
University Corporation for Atmospheric Research as well as
Emerson, HP, and other organizations in both public and private
sectors. He can be reached at
mailto:scrawford@enterprisemanagement.com
_______________________________________________________________
This newsletter is sponsored by Nortel

Introducing the Nortel Applications Center. An open, multimedia
applications
suite created to streamline your applications environment and transform your

business communications.
http://www.fattail.com/redir/redirect.asp?CID=115896
_______________________________________________________________
ARCHIVE LINKS

Archive of the Network/Systems Management newsletter:
http://www.networkworld.com/newsletters/nsm/index.html

Management Research Center:
http://www.networkworld.com/topics/management.html
_______________________________________________________________
FEATURED READER RESOURCE

The Trend Micro Threat Map

The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.

http://www.networkworld.com/go/trendmicro/trend_frr
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html

_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/Changes.aspx

To change your e-mail address, go to:
http://www.nwwsubscribe.com/ChangeMail.aspx

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: mailto:sponsorships@nwfusion.com

Copyright Network World, Inc., 2005

No comments: