In-Depth

No soup-to-nuts solution

Although Web services blend threats targeting the network and application levels, a multi-tiered approach remains the best defense because no single product covers everything from soup to nuts. For the most part, Web services security solutions divide into two camps: the management brokers and registries that enforce policy, and the dedicated appliances that perform the compute-intensive tasks of dissecting raw XML.

For instance, brokers from providers like AmberPoint regulate policies, such as content-based routing or determining which classes of users are entitled to which levels of service. More specialized registries, from providers such as Infravio, Systinet and SOA Software, aspire to perform similar high-end policy functions.

Toward the edge of the network, but usually just behind the corporate firewall, are the specialized devices that offload XML processing from application servers. Initially, devices were used to simply parse XML, identifying the headers and content of a SOAP message. Increasingly, appliances are taking on cybercop functions, ensuring that the XML is formed properly, filtering out oversize messages or corrupted content, validating identification and checking encrypted digital signatures. Some appliances, such as Fortinet’s, also bundle conventional network firewall and virus detection within the same unit, while others, such as Layer 7’s, hand off virus detection to anti-virus programs.
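The screening steps described above (size limit, well-formedness, envelope structure) can be sketched in a few lines. This is an added example, not code from the article or from any vendor named in it. The function name `screen_soap`, the size and depth limits, the rejection of DTDs and the Header-then-Body policy are all assumptions, and identity and signature checks are left out.

```python
from xml.parsers import expat

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
ENVELOPE, HEADER, BODY = (f"{SOAP_NS} {n}" for n in ("Envelope", "Header", "Body"))
MAX_BYTES, MAX_DEPTH = 64 * 1024, 32    # assumed policy limits, not from the article

class Rejected(Exception):
    """Raised inside parser callbacks to stop parsing at the first violation."""

def screen_soap(raw, max_bytes=MAX_BYTES, max_depth=MAX_DEPTH):
    """Return (accepted, reason) for one inbound message given as bytes."""
    if len(raw) > max_bytes:             # size check before any parsing work
        return False, "oversize"
    stack, top_level = [], []            # open elements; direct children of Envelope

    def on_doctype(*_):                  # a DTD enables entity expansion
        raise Rejected("dtd-not-allowed")

    def on_start(name, _attrs):
        stack.append(name)
        if len(stack) > max_depth:
            raise Rejected("too-deep")
        if len(stack) == 1 and name != ENVELOPE:
            raise Rejected("not-soap-envelope")
        if len(stack) == 2:
            top_level.append(name)

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = lambda _name: stack.pop()
    try:
        parser.Parse(raw, True)          # streaming parse, no tree is built
    except Rejected as violation:
        return False, str(violation)
    except expat.ExpatError:             # input is not well-formed XML
        return False, "malformed-xml"
    # Assumed structural policy: an optional Header, then exactly one Body.
    if top_level not in ([BODY], [HEADER, BODY]):
        return False, "bad-envelope-structure"
    return True, "ok"

# Constructed sample message, for illustration only.
GOOD = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        b'<soap:Header/><soap:Body><getQuote>ACME</getQuote></soap:Body>'
        b'</soap:Envelope>')

if __name__ == "__main__":
    print(screen_soap(GOOD))
```

Because the checks run as parser callbacks, a message is dropped at the first violation instead of being fully parsed first, which is the offloading role the appliances play for the application servers behind them.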

Back to feature: Web Services: Careful, It’s a Circus Out There...

About the Author

Tony Baer is principal with onStrategies, a New York-based consulting firm, and editor of Computer Finance, a monthly journal on IT economics. He can be reached via e-mail at [email protected].