No soup-to-nuts solution
Although Web services blend threats targeting network and application levels,
a multi-tiered approach remains the best defense because no single
solution covers everything from soup to nuts. For the most part, Web
services security solutions tend to divide into two camps: the management brokers
and registries that enforce policy, and the dedicated appliances that perform
the compute-intensive tasks of dissecting raw XML.
For instance, brokers from providers like AmberPoint regulate policies, such
as content-based routing or determining which classes of users are entitled
to which levels of service. More specialized registries, from providers
such as Infravio, Systinet and SOA Software, aspire to perform similar
high-end policy functions.
Toward the edge of the network, but usually just behind the corporate firewall,
are the specialized devices that offload XML processing from application servers.
Initially, devices were used to simply parse XML, identifying the headers and
content of a SOAP message. Increasingly, appliances are taking on cybercop functions,
ensuring that the XML is formed properly, filtering out oversize messages or
corrupted content, validating identification and checking encrypted digital
signatures. Some appliances, such as Fortinet’s, also bundle conventional
network firewall and virus detection within the same unit, while others, such
as Layer 7’s, hand off virus detection to anti-virus programs.
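The gatekeeping steps described above (size filtering, well-formedness checking, identifying SOAP headers and content) can be sketched in a few lines. This is an added example, not code from any vendor named in this article; the size limit, function name and sample message are assumptions, and identity validation and signature checking are left out.

```python
import xml.parsers.expat as expat

# Assumed policy values for this sketch, not taken from any product.
MAX_BYTES = 64 * 1024
SOAP_NS = {"http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope"}     # SOAP 1.2
# Constructed sample message (example namespaces are placeholders).
SAMPLE = (b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<s:Header><t:Token xmlns:t="urn:example:auth">abc</t:Token></s:Header>'
          b'<s:Body><q:GetQuote xmlns:q="urn:example:quotes"><q:Symbol>XYZ</q:Symbol>'
          b'</q:GetQuote></s:Body></s:Envelope>')

class Rejected(Exception):
    """Raised inside parser callbacks to stop at the first policy violation."""

def inspect_soap(raw, max_bytes=MAX_BYTES):
    """Return ("accept", {"header": [...], "body": [...]}) or ("reject", reason)."""
    if len(raw) > max_bytes:                 # size check before any parsing
        return ("reject", "oversize")
    parser = expat.ParserCreate(namespace_separator=" ")
    stack = []                               # local names of open elements
    blocks = {"Header": [], "Body": []}
    seen_body = []

    def on_doctype(*_args):
        # SOAP messages must not carry a DTD; refusing it also blocks entity tricks.
        raise Rejected("doctype not allowed")

    def on_start(name, _attrs):
        ns, _, local = name.rpartition(" ")  # expat reports "namespace local"
        if not stack and not (local == "Envelope" and ns in SOAP_NS):
            raise Rejected("root is not a SOAP Envelope")
        if len(stack) == 1 and local == "Body" and ns in SOAP_NS:
            seen_body.append(True)
        if len(stack) == 2 and stack[1] in blocks:
            blocks[stack[1]].append(local)   # top-level header/body entries
        stack.append(local)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = lambda _name: stack.pop()
    try:
        parser.Parse(raw, True)              # expat raises on ill-formed XML
    except expat.ExpatError:
        return ("reject", "malformed")
    except Rejected as exc:
        return ("reject", str(exc))
    if not seen_body:
        return ("reject", "no SOAP Body")
    return ("accept", {"header": blocks["Header"], "body": blocks["Body"]})
```

The size test runs before the parser is created, so an oversize message costs no parsing work, which is the offloading benefit the appliances are sold on.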
Tony Baer is principal with onStrategies, a New York-based consulting firm, and editor of Computer Finance, a monthly journal on IT economics. He can be reached via
e-mail at firstname.lastname@example.org.