As threats and attacks increasingly target Web applications, many enterprises have been forced to take a reactive approach to security with point products that address only pieces of Web application security and add to the complexity of security operations. IBM has brought together the breadth of its offerings designed to deliver end-to-end Web application security that includes security-rich code development, vulnerability management, real-time blocking of attacks, dedicated security and performance for Web services, and access management.
IBM's integration of its Web application security offerings can help enable enterprises to combat these types of attacks. The latest component of the solution, IBM Proventia SiteProtector 8.0, integrates a consolidated security management system with Rational AppScan, an industry-leading solution for Web application vulnerability and secure code testing; and IBM's recently announced Web application protection module for network and host intrusion prevention systems. This combined solution is designed to deliver multiple benefits to enterprises, including:
- Reduced security management operational costs
- Improved security posture
- Consolidated reporting infrastructure
- A common workflow system for managing security incidents
- Correlation of application vulnerabilities with potential security events and real-time attacks, enabling organizations to prioritize remediation to immediately address top threats
IBM's Web application security further demonstrates the strength of IBM security with integrated management consoles for software and hardware solutions, professional services for trusted expertise and managed security services that can help reduce the cost and complexity of security operations.
"Web application security is the front line in the war against cybercrime. Enterprises everywhere are under constant attack and protecting our Australian Open website from hacking is a key issue," said Dr. Chris Yates, Chief Information Officer for Tennis Australia. "IBM's Web application security solution can help enable Tennis Australia to adopt a more coordinated and efficient approach to Web application security during the Australian Open. This will ultimately help us reduce the cost of security while helping to protect our organization against breaches, and Australian Open Web site visitors against malware infections."
According to the latest statistics from the IBM X-Force 2009 Midyear Trend & Risk Report, which will be released later this month, Web application attacks continue to accelerate. For example, SQL injection attacks - attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors - rose 50% in Q1 2009 as compared to Q4 2008, and nearly doubled in Q2 at 96% as compared to Q1. The report concludes that the most common intent of Web application attacks is to steal and manipulate data and take command and control of infected visitors.
"Web application security is one of the top pain points for enterprises today, and only IBM can offer a comprehensive solution designed to help turn the tide against SQL injection and other Web application attacks," said Dan Powers, vice president of business strategy at IBM Internet Security Systems. "Additionally, our integrated approach to security may help to reduce costs and simplify security management, which can ultimately reduce opportunities for human error and improve overall security posture."
Because Web applications often rely on Web services and service oriented architecture (SOA), IBM has integrated the robust security and governance features of the purpose-built WebSphere DataPower SOA Appliances with the centralized management of Tivoli Security Policy Manager. The combination of Tivoli Security Policy Manager and WebSphere DataPower SOA Appliances can help to enable enterprise architects and security operations to align business and IT by centrally managing and enforcing security policies for Web services resources across multiple policy enforcement points. It can help to reduce the manual, inconsistent and costly administration of security policies and enable consistent enforcement of operational and lifecycle governance policies, with the ability to delegate and audit all changes to policies.
IBM SiteProtector 8.0 is also a key offering in IBM's Information Infrastructure portfolio for improved security, management and encryption, announced last week. Other offerings include Proventia Server for Windows 2008, helping organizations harness the security and compliance challenges in the heterogeneous datacenter; encrypted disk support for the System Storage DS5000; IBM Tivoli Identity Manager 5.1, featuring role management for more effective enforcement of SOD; and Tivoli Security Information and Event Manager's NERC module, security products that help improve security with little or no productivity impact.
Further extending its leadership in the Web application security space, IBM recently announced the acquisition of Ounce Labs, Inc., a privately-held company based in Waltham, Massachusetts, whose software helps companies reduce the risks and costs associated with security and compliance concerns.
For more information about IBM, please visit www.ibm.com/security.