IBM has released a comprehensive solution to help combat Web application attacks and secure the integrity of data processed by Web applications.
As threats and attacks increasingly target Web applications, many enterprises have been forced to take a reactive approach to security with point products that address only pieces of Web application security and add to the complexity of security operations. IBM has brought together the breadth of its offerings to deliver end-to-end Web application security that includes security-rich code development, vulnerability management, real-time blocking of attacks, dedicated security and performance for Web services, and access management.
IBM's integration of its Web application security offerings can help enable enterprises to combat these types of attacks. The latest component of the solution, IBM Proventia SiteProtector 8.0, integrates a consolidated security management system with Rational AppScan, a solution for Web application vulnerability and secure code testing; and IBM's recently announced Web application protection module for network and host intrusion prevention systems. This combined solution is designed to deliver multiple benefits to enterprises, including:
- Reduced security management operational costs
- Improved security posture
- Consolidated reporting infrastructure
- A common workflow system for managing security incidents
- Correlation of application vulnerabilities with potential security events and real-time attacks, enabling organizations to prioritize remediation to immediately address top threats
IBM's Web application security further demonstrates the strength of IBM security with integrated management consoles for software and hardware solutions, professional services for trusted expertise and managed security services that can help reduce the cost and complexity of security operations.
According to the latest statistics from the IBM X-Force 2009 Midyear Trend & Risk Report, which will be released later this month, Web application attacks continue to accelerate. For example, SQL injection attacks - attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors - rose 50% in Q1 2009 as compared to Q4 2008, and nearly doubled in Q2 at 96% as compared to Q1. The report concludes that the most common intent of Web application attacks is to steal and manipulate data and take command and control of infected visitors.
Because Web applications often rely on Web services and service-oriented architecture (SOA), IBM has integrated the robust security and governance features of the purpose-built WebSphere DataPower SOA Appliances with the centralized management of Tivoli Security Policy Manager. The combination of Tivoli Security Policy Manager and WebSphere DataPower SOA Appliances can help to enable enterprise architects and security operations to align business and IT by centrally managing and enforcing security policies for Web services resources across multiple policy enforcement points. It can help to reduce the manual, inconsistent and costly administration of security policies and enable consistent enforcement of operational and lifecycle governance policies, with the ability to delegate and audit all changes to policies.
IBM SiteProtector 8.0 is also a key offering in IBM's Information Infrastructure portfolio for improved security, management and encryption, announced last week. Other offerings include Proventia Server for Windows 2008, helping organizations harness the security and compliance challenges in the heterogeneous datacenter; encrypted disk support for the System Storage DS5000; IBM Tivoli Identity Manager 5.1, featuring role management for more effective enforcement of SOD; and Tivoli Security Information and Event Manager's NERC module. These are security products that help improve security with little or no productivity impact.