December 14th: How to Combat Advanced Persistent Threats at the Application Layer

Today, it is clear a new wave of organized, state sponsored, espionage is targeting commercial and federal information systems with continuous long term attacks. Most vendor countermeasures are promoting anti-malware AV & simplistic IP level firewall solutions to protect client or endpoint computer systems with access to the network. This focus has proven largely ineffective as adversaries typically test against major AV packages prior to launching attacks resulting in high client infection rates. This puts more emphasis on application level security to protect information- even after client infection has occurred. In this technical webinar, independent federal security expert Gunnar Peterson explores how a Security Gateway, deployed at the network edge can deliver deeper inspection of XML based web service traffic for advanced APT threat identification, attribution, and proactive monitoring.

Join us in this webinar taking place on December 14th at 11am Pacific / 2PM Eastern.

You will learn:

• Latest insights from federal & commercial APT countermeasure projects
• Typical malware to app attack patterns
• Security for inbound and outbound traffic
• How gateway policy enforcement points can leverage IdM, AuthN and AuthZ
• How gateways improve SIEM proactive monitoring

Don’t miss this important event. Register here.

A Solution for Addressing Network Security & Dramatically Reducing PCI DSS Scope with Gateway Tokenization

Version 2.0 of the PCI Data Security Standard takes effect on January 1, 2011. Are you fully prepared for the upcoming changes? Can your company avoid non-compliance fines of up to $500k per incident?Join us  for an overview of planned changes to the PCI DSS Standard and pros and cons of available technology solutions. Find out how Security Gateways offer ideal solutions for handling internal tokenization when maintaining ownership and controlling PAN data are primary organizational concerns. Speakers will demonstrate how Security Gateways offer effective alternatives to outsourced solutions that can be impacted by token migration and card processor lock-in concerns.

Register here. for this 1 hour webinar on December 14th taking place at 1pm Eastern

Infosys on Service Oriented Architecture

Check out this interesting blog written by an Infosys Architect comparing hardware SOA appliances to software SOA appliances.  The author takes a stab at summarizing the differences, and makes some comments about Intel’s SOA Expressway. Just thought I’d chime in here and help flesh out the picture and add a few words from my own perspective being that I’m on the Intel team. SOA Expressway is a Service Gateway that complements and augments middleware products from any vendor.

And While middleware, BPM, and ESBs are good solutions for service mediation within a specific domain…it’s been our experience that customers have trouble scaling ESB products across domains to the edge of the network where they tend to have security and performance security gaps. It should be noted that ESBs can perform security policy enforcement but generally require additional plug-ins as well as code development.

Service gateways enable services to be composed for sets of ESBs, BPM systems and middleware deployed across different domains in the Enterprise. Service Gateways are deployed for cross-domain service mediation, threat prevention, security policy enforcement, AAA functions and are generally used for shorter-running transactions.

As for deployment models, the preferred way to deploy two gateways, one in the DMZ for threat prevention, external user authentication and application security, generally in a hardware appliance form factor and then a second gateway (software or hardware) closer to the middleware for trust functions, acceleration, and non-XML format handling.

If you have any questions and want to learn more, please don’t hesitate to email me at  jeffreyx.m.goldberg AT intel.com . Definitely take the time to visit www.dynamicperimeter.com for more info.

http://www.infosysblogs.com/soa/2010/11/soa_appliance_-_opportunities.html

 

 

 

Just thought I’d chime in here and add a few words from my own unique perspective being that I’m on the Intel team. SOA Expressway is a Service Gateway that complements and augments middleware products from any vendor.

 

While middleware, BPM, and ESBs are good solutions for service mediation within a specific domain…it’s been our experience that customers have trouble scaling ESB products across domains to the edge of the network where they tend to have security and performance security gaps.

 

It should be noted that ESBs can perform security policy enforcement but generally require additional plug-ins as well as code development.

 

Service gateways enable services to be composed for sets of ESBs, BPM systems and middleware deployed across different domains in the Enterprise. Service Gateways are deployed for cross-domain service mediation, threat prevention, security policy enforcement, AAA functions and are generally used for shorter-running transactions

As for deployment models, the preferred way to deploy two gateways, one in the DMZ for threat prevention, external user authentication and application security, generally in a hardware appliance form factor and then a second gateway (software or hardware) closer to the middleware for trust functions, acceleration, and non-XML format handling.

 

 

 

 

 

How to Protect against the 2010 — OWASP Top 10 threats to Web Applications

The Open Web Application Security Project (OWASP) maintains and publishes an ongoing list of top ten threats to web applications. With few exceptions, the threats listed in the OWASP top ten can be applicable to any service, be it a web application, REST service, SOAP service or custom application.  Read along point by point as Blake Dournaee, Product Manager for Intel SOA Expressway Service Gateway goes through the risks for 2010 and see how these are addressed with Intel(R) SOA Expressway, Intel’s service gateway product.

http://software.intel.com/en-us/blogs/2010/11/09/using-a-service-gateway-to-protect-against-the-owasp-top-10/

 

Securing the Cloud with Intel(R) SOA Expressway

The Intel Cloud Builder program has launched a forum and discussion board today. I am not sure if you have seen it yet, but there is a great paper that outlines a number of cloud security use cases built around Intel(R) SOA Expressway. Grab the paper entitled “Intel® Cloud Builders Guide: Cloud Design and Deployment on Intel® Platforms.”

The paper shows how Expressway can be used as a control point for some interesting use use cases: (i) As a secure proxy for auditable virtual machine controls, (ii) single sign-on using an on-premise STS to map internal credentials to SAML assertions for a payroll application and (iii) secure credential federation for a hybrid cloud environment in a cloudburst scenario. The paper has a lot of detailed information on what some of these applications might actually look like once deployed on Expressway. You can request an evaluation copy of Intel(R) SOA Expressway at the dynamic perimeter microsite, located here.

Security Gateway Buyer’s Guide

Independent industry security expert Gunnar Peterson (1raindrop.typepad.com)  provides the analysis and decision support that will enable you to make an informed choice when evaluating Security Gateways. The Buyer’s Guide describes security architecture capabilities, common business use cases, and deployment considerations.

Download a copy here:

http://www.dynamicperimeter.com/download/SecurityGateway_BuyersGuide

 

How to move data from JMS to a database with SOA Expressway

The work of an information system’s developer is not only to create challenging, innovative advances in algorithms in new applications. His/her tasks also  include the creation and maintenance of support routines like the reliable copying of data from one source to another, and handling different exceptions, timeouts, hanging transactions, shifting timezones, etc. You’re lucky if all software in your system is from a single vendor and is still supported. In this case it’s likely that there are tools that can move data from one source to another, for example, from a database to a message queue. But if your task is to move data between IBM Websphere MQ with SSL-encrypted channels, MS SQL or Oracle databases and Tumbleweed FTP server, you’re likely to come across some vendor-specific implementation issues. Even if the  working prototype is finished in several days, it’ll take some more time to test it before it can be used in production.

One of possible use cases of SOA Expressway (www.dynamicperimeter.com) is rapid creation of this type of support workflow.  And SOA Expressway can execute tens of such workflows at once

Read Anton Luht’s blog about how to easily accomplish this:

http://software.intel.com/en-us/blogs/2010/10/20/how-to-move-data-from-jms-to-a-database-with-soa-expressway/

 

Applying a Service Gateway architecture to integrating your e-Invoicing

Read about Pete Logan’s visit to the European E-Invoicing and E-Billing conference in Munich which addressed  a variety of ways to integrate the transfer of  e-Invoicing and e-billing into existing applications and security solutions.  Pete makes a parallel between various e-invoicing integration issues with banking and healthcare  and how those issues are already addressed by work done within Intel’s SOA Products Group. In the blog, Pete writes about the challenges faced – and the requirements for mediation and governance that make  Service Gateways an obvious solution for addressing those domains.

Check out this blog:

http://software.intel.com/en-us/blogs/2010/10/18/applying-a-service-gateway-architecture-to-integrating-your-e-invoicing/

 

 

Interoperabilty of SOA Expressway with JMS Message Queues

In this how-to post, follow-along as Joe Welsh demonstrates how easy it is to build an application using SOA Expressway that interoperates with a JMS Message Queue.

SOA Expressway works with any standard JMS MQ provider. To date, Joe has configured SOA Expressway to work with Apache Active MQ, Websphere MQ, Sun Java System Message Queue, and Progress’ Sonic MQ, all without a hitch.  Customers are really impressed with how easy it is to do this , as well how powerful their applications become when integrated with other built-in services like JDBC, FTP, File, HTTPS, data transformation, etc.

http://software.intel.com/en-us/blogs/2010/09/29/interoperabilty-of-soa-expressway-with-jms-message-queues/

Intel SOA Expressway allows configurable policies for Content Attack Prevention (CAP)

Intel’s SOA Expressway is a software package that allows for the many different options in controlling the flow and security of web services throughout an organization or even those published to external consumers through a DMZ. In many instances, especially for public interfacing web services, it is essential to have some type of filtering (also called reverse-proxy) of requests from a consumer of a web service and this is the specialty of SOA Expressway and how it is used to protect web services. In addition to the built-in security features provided by a proxy workflow, proxy workflows within SOA Expressway can contain Content Attack Prevention (CAP) policies.

In this post by Andy Good, read a good summary of what CAP policies are, what risks they can mitigate and how you can use them.

http://communities.intel.com/community/openportit/blog/2010/09/15/intel-soa-expressway-allows-configurable-policies-for-content-attack-prevention-cap;jsessionid=1677AE286272EE13851F4514F1279AFE.node7COM