Innovative Early Warning Alert System Helps Reduce Risk and Saves Significant
Time for Security Professionals
SAN FRANCISCO, RSA Conference 2005 (booth #848), Feb. 15 /PRNewswire/ --
Forum Systems, the leader in Web services security for threat protection and
trust management, announced today the industry's first single-source threat
intelligence service for XML Web services vulnerabilities. Security
intelligence services provide timely, reliable alerts about malicious cyber
attacks, software vulnerabilities and other relevant risk developments.
Unlike today's general-purpose alerts, Forum VulCon(TM) (for Web Service
Vulnerability Containment) concentrates on delivering up-to-date notification
of XML- and Web services-related threats with actionable suggestions for
effective countermeasures. VulCon has already aggregated over 100 of these
potential exposures to popular systems and applications. This announcement
represents the first step in Forum's Automated Threat Response Initiative to
reinvent the delivery of vulnerability data, policy updates and software
upgrades to its products.
VulCon reports are available through four delivery mechanisms: Email
Alerts, Internet Portal, Web Service API and RSS Feeds. Forum VulCon is
available immediately as a FREE subscription service. To register with VulCon
please visit http://vulcon.forumsys.com/.
Web services (and servers) are the number one most commonly exploited
vulnerability in Windows environments, according to the SANS Institute
"Top-20" 2004 list, an international consensus paper on the most critical
Internet threats facing organizations that require immediate remediation.
With 50 new vulnerabilities announced a week, it is time consuming for
security professionals to filter and analyze the Web services-related risks
from the dozens of alerts available today. As a result IT administrators do
not have the time to focus on remediation plans and exposures are often left
unresolved, posing multiple risks to the business, from financial and data
loss to network downtime, regulatory breaches and brand damage.
Gartner analyst Jay Heiser, in his "Five Sources of Security Intelligence
to Keep You Informed" (16 November 2004), recommends "Through 2006,
organizations that fail to make threat monitoring an integral part of their
vulnerability management efforts will experience double the rate of security
failure losses compared to organizations that review and act on reliable
intelligence."
Enterprises utilizing XML and Web services standards such as SOAP and WSDL
to efficiently interact with suppliers, vendors and customers (as well as
enterprises turning on new XML features within their legacy applications) face
a new category of automated machine-driven threats that target mission
critical business processes. In fact Web services are expected to reopen
70 percent of the attack paths against Internet-connected systems that were
closed by network firewalls.
"The onslaught of viruses and worms that affect today's email systems and
Web sites are a steady reminder that security must not be taken for granted.
XML Web services pose an even greater risk as they allow machines not only to
speak and listen to each other but also decide and act on mission critical
activities, making them susceptible to organized attacks, accidental misuse
and malicious abuse that directly impacts a company's customers, partners and
employees," said Walid Negm, VP of Marketing for Forum Systems. "Our vision
is that Forum VulCon will allow organizations to ultimately keep systems
'alive' with up-to-date defenses, collapsing the time a new vulnerability is
discovered and a security remedy is enforced."
Industry Support for VulCon
"VulCon offers organizations much needed awareness to a new class of
data-layer vulnerabilities that are out there today and ready to be exploited
-- maliciously as well as accidentally," commented Mark Campbell, Senior
Product Marketing Manager at NetContinuum, a leading provider of web
application security gateways. "This unique service will be available to our
NetContinuum NC-1000 Web Services Edition customers as they seek to respond
automatically to security incidents and avoid potential exploits all
together."
"VulCon is a significant commercial step in piercing the mystery of Web
services vulnerability control," said Jack Quinnell, Chief Technical Officer
at Kenai Systems, a leading provider of Web services vulnerability assessment
and management solutions. "This type of solution enables the shift from
reactive Web services security to a much more robust closed-loop secure Web
services architecture in production SOA implementations. VulCon's ability to
'update the locks' as well as 'lock the doors' with a Web service policy
update mechanism combined with the ability to converge third-party
vulnerability information through open integration points virtually eliminates
Web service exploits in deployment scenarios."
About VulCon(TM)
Forum Labs conducts ongoing active research in Web services threats and
aggregates and correlates its finding with vulnerabilities from credible
sources (e.g. CERT, Secunia, OSVDB, CERIAS). Forum Labs then filters,
transforms and classifies the data into a structured database where users can
enter their searchable criteria to retrieve entries and alerts that pertain to
their selection. Authorized users can submit new alerts as well as correct
errors and only authorized subscribers can access the system to receive
remedies -- including a set of services and countermeasures such as
vulnerability assessment, antivirus updates, software updates and
recommendations to enhance systems defenses. Business benefits include:
* Up-to-date SOA and XML Web services security intelligence
* Aggregated reports on vendor product vulnerabilities
* Access to a community of active consumers and producers of Web
services
* XML Web services vulnerability assessment tools
About Forum Systems
Trustworthy, ubiquitous and robust Web services can only be achieved by
combining security controls that are proactive, always on and systematic.
Forum Seamless Security Solutions Architecture (Forum S3A(TM)) is an adaptive
approach to building security minded service-oriented applications and
data-level networks using life-cycle solutions including vulnerability
management, testing systems, firewalls and gateways. Forum products are
available as software, PCI-card and appliance options and comply with
government requirements including FIPS Certification, Common Criteria EAL 4+
and JITC DoD PKI Certification. Forum Systems is an active a member of OASIS
and WS-I helping mature standards such as WS-I Basic Profiles, SAML and
WS-Security. Customers can immediately benefit from Forum technology that is
bundled with market leading products including Microsoft ISA Server 2004,
NetContinuum NC-1000 WSE, Network Engines Web Services (NEWS), and Oblix
COREid and COREsv. For more information on adaptive solutions for Web
services security visit http://vulcon.forumsys.com
Forum Systems, Inc. is the Leader in Web Services Security(TM) with a
comprehensive suite of trust management, threat protection and information
assurance solutions for the automated Web. Forum Systems flexible hardware,
software and embedded products make vibrant business communications possible
by actively protecting XML data and Web services across networks and business
boundaries. Forum's products have been chosen by over 80 Fortune 1000
industry leaders and are winners of Network Computing Magazine's
Well-Connected 2004 Award and Product of the Year 2004 Award, Network
Computing Magazine's Editor's Choice 2003 Award, Network Magazine's Product of
the Year 2003 Award and DEMO 2004 Invitation. Forum XWall Web Services
Firewall is the industry's only XML Firewall selected by InfoWorld LEADERBOARD
2004. Visit Forum at http://www.forumsys.com/.
SOURCE Forum Systems
 back to top
Related links:
http://www.forumsys.com
CONTACT:
Leslie Kesselring of Kesselring
Communications, LLC, +1-503-656-2847, leslie@kesselring.net, for
Forum Systems
|
