Federal CIO VanRoekel details his ‘first’ priorities

With nearly three months on the job, federal chief information officer Steven VanRoekel is revisiting some long-standing technology priorities.

VanRoekel recently gave his first major policy speech since taking over for Vivek Kundra in August, signaling how he plans to move the administration’s IT reform ball forward.

In this Federalnewsradio.com post, read about how:

  • OMB will promote “Share first” policy – The Office of Management and Budget will begin promoting a “share first” policy. VanRoekel said the idea is to have agencies look to others when buying technology or upgrading systems before going off on their own.
  • “I envision a set of principles like XML First, Web Services First, Virtualize First and other firsts that will inform how we develop our Government’s systems.”
  • “All of these elements are really grounded in the foundation that is cybersecurity.”

Toward these goals, you can deploy Intel Expressway Service Gateway, a purpose-built cross domain service gateway that enables secure collaboration amongst agencies.

You can address perimeter defense with wire speed XML threat protection, complex security policy enforcement and ready multi-factor integration to identity infrastructure.

And you get the Intel advantage since Intel Expressway Service Gateway has been engineered to take advantage of Intel hardware optimizations to deliver best in class performance and hardened, high-assurance security.

Please reach out to us at intelsoainfo@intel.com or call 978-948-2585 if you need assistance.

Radian Uses Intel Expressway Service Gateway to Power Data Transformation Security

Radian, a national provider of private mortgage insurance and risk management products, is discussed in a new case study involving Intel Expressway Service Gateway. Radian looked to Intel to help build an architecture that utilized XML as a common format for back-end systems, while separating policy enforcement and data transformation from back-end systems in a dedicated security and transformation layer.

Read on to learn more about how Radian is benefiting from simplified integration security with a scalable solution and lower total cost of ownership (TCO).

Click here to download this case study.


Microsoft RMS and Security Gateways

A new use case has just been published that shows how a large Enterprise has deployed Expressway Service Gateway to protect access to RMS-protected documents.

This is an interesting use case because it shows how an Enterprise can provide secure, protected access to Microsoft RMS-protected documents even when the partner identities are stored in CA Siteminder – the answer is to utilize a security gateway to provide a layer of protection, authentication, and credential mapping. It also provides a nice way to segment the network for security purposes. If partner access needs to be shut down due to increased risk, it can be done at the gateway rather than fiddling with code.

In many cases this same authentication could happen with ADFSv2, but what happens when ADFSv2 isn’t an option in the DMZ?

Another cool aspect of this use case is that the partner clients are thick office clients sending in web services requests, which I thought was interesting.

December 14th: How to Combat Advanced Persistent Threats at the Application Layer

Today, it is clear that a new wave of organized, state-sponsored espionage is targeting commercial and federal information systems with continuous long-term attacks. Most vendor countermeasures promote anti-malware AV and simplistic IP-level firewall solutions to protect client or endpoint computer systems with access to the network. This focus has proven largely ineffective, as adversaries typically test against major AV packages prior to launching attacks, resulting in high client infection rates. This puts more emphasis on application-level security to protect information, even after client infection has occurred. In this technical webinar, independent federal security expert Gunnar Peterson explores how a Security Gateway deployed at the network edge can deliver deeper inspection of XML-based web service traffic for advanced APT threat identification, attribution, and proactive monitoring.

Join us in this webinar taking place on December 14th at 11am Pacific / 2PM Eastern.

You will learn:

  • Latest insights from federal & commercial APT countermeasure projects
  • Typical malware to app attack patterns
  • Security for inbound and outbound traffic
  • How gateway policy enforcement points can leverage IdM, AuthN and AuthZ
  • How gateways improve SIEM proactive monitoring

Don’t miss this important event. Register here.

A Solution for Addressing Network Security & Dramatically Reducing PCI DSS Scope with Gateway Tokenization

Version 2.0 of the PCI Data Security Standard takes effect on January 1, 2011. Are you fully prepared for the upcoming changes? Can your company avoid non-compliance fines of up to $500k per incident? Join us for an overview of planned changes to the PCI DSS Standard and the pros and cons of available technology solutions. Find out how Security Gateways offer ideal solutions for handling internal tokenization when maintaining ownership and controlling PAN data are primary organizational concerns. Speakers will demonstrate how Security Gateways offer effective alternatives to outsourced solutions that can be impacted by token migration and card processor lock-in concerns.

Register here for this 1-hour webinar taking place on December 14th at 1pm Eastern.

Infosys on Service Oriented Architecture

Check out this interesting blog written by an Infosys Architect comparing hardware SOA appliances to software SOA appliances. The author takes a stab at summarizing the differences, and makes some comments about Intel’s SOA Expressway. Just thought I’d chime in here to help flesh out the picture and add a few words from my own perspective, being that I’m on the Intel team. SOA Expressway is a Service Gateway that complements and augments middleware products from any vendor.

While middleware, BPM, and ESBs are good solutions for service mediation within a specific domain… it’s been our experience that customers have trouble scaling ESB products across domains to the edge of the network where they tend to have security and performance security gaps. It should be noted that ESBs can perform security policy enforcement but generally require additional plug-ins as well as code development.

Service gateways enable services to be composed for sets of ESBs, BPM systems and middleware deployed across different domains in the Enterprise. Service Gateways are deployed for cross-domain service mediation, threat prevention, security policy enforcement, AAA functions and are generally used for shorter-running transactions.

As for deployment models, the preferred way is to deploy two gateways: one in the DMZ for threat prevention, external user authentication and application security, generally in a hardware appliance form factor, and a second gateway (software or hardware) closer to the middleware for trust functions, acceleration, and non-XML format handling.

If you have any questions and want to learn more, please don’t hesitate to email me at jeffreyx.m.goldberg AT intel.com. Definitely take the time to visit www.dynamicperimeter.com for more info.

http://www.infosysblogs.com/soa/2010/11/soa_appliance_-_opportunities.html

How to Protect against the 2010 — OWASP Top 10 threats to Web Applications

The Open Web Application Security Project (OWASP) maintains and publishes an ongoing list of top ten threats to web applications. With few exceptions, the threats listed in the OWASP top ten can be applicable to any service, be it a web application, REST service, SOAP service or custom application. Read along point by point as Blake Dournaee, Product Manager for Intel SOA Expressway Service Gateway, goes through the risks for 2010, and see how these are addressed with Intel(R) SOA Expressway, Intel’s service gateway product.

http://software.intel.com/en-us/blogs/2010/11/09/using-a-service-gateway-to-protect-against-the-owasp-top-10/


Encrypt a response with a certificate taken from a request

Sometimes it is not possible to share public keys among all clients but still necessary to provide some level of message security. In this case it’s possible to validate an incoming request and use a certificate from the request to encrypt a response. Boris Kaplounovsky’s blog post shows how to create the proxy workflow for the SOA Expressway providing such functionality.

http://securingsoa.blogspot.com/2010/11/encrypt-response-with-certificate-taken.html

Securing the Cloud with Intel(R) SOA Expressway

The Intel Cloud Builder program has launched a forum and discussion board today. I am not sure if you have seen it yet, but there is a great paper that outlines a number of cloud security use cases built around Intel(R) SOA Expressway. Grab the paper entitled “Intel® Cloud Builders Guide: Cloud Design and Deployment on Intel® Platforms.”

The paper shows how Expressway can be used as a control point for some interesting use cases: (i) as a secure proxy for auditable virtual machine controls, (ii) single sign-on using an on-premise STS to map internal credentials to SAML assertions for a payroll application and (iii) secure credential federation for a hybrid cloud environment in a cloudburst scenario. The paper has a lot of detailed information on what some of these applications might actually look like once deployed on Expressway. You can request an evaluation copy of Intel(R) SOA Expressway at the dynamic perimeter microsite, located here.

Security Gateway Buyer’s Guide

Independent industry security expert Gunnar Peterson (1raindrop.typepad.com) provides the analysis and decision support that will enable you to make an informed choice when evaluating Security Gateways. The Buyer’s Guide describes security architecture capabilities, common business use cases, and deployment considerations.

Download a copy here:

http://www.dynamicperimeter.com/download/SecurityGateway_BuyersGuide