NetContinuum Launches Web Services Firewall

NetContinuum (www.netcontinuum.com), a leading provider of application firewalls, today announced that it is integrating the leading Web-services firewall, Forum Systems' XWall, into its flagship Application Security Gateway product.

Both Forum Systems and NetContinuum are listed in Gartner's "Magic Quadrant" for their respective product categories.

Pricing for the NetContinuum Application Security Gateway Web Services Edition  begins at $39,000. The integrated product will be released to early access customers in December.

This development is expected to change the landscape for application-level security, promising customers a true best-in-class solution to address the new wave of "hidden" XML data-level attacks without forcing them to learn, deploy and manage yet another separate firewall device.

The Yankee Group estimates that the market for application gateways will be $880 million in 2004 and balloon to $2 billion in 2009. Previously, products that protected mission-critical Web applications were separate from security products targeting Web services.

According to a new survey of Fortune 500 CSOs conducted by independent market research firm, SalesRamp, 70% of all enterprise security buyers believe XML firewalls are critical, but want their existing web application firewall vendors to provide comprehensive XML security.

Because web services introduce the additional computational requirements of XML processing, software solutions running off-the-shelf hardware will not scale to meet the enterprise performance requirements of a combined web application and web services security approach.

According to Wes Wasson, chief strategy officer for NetContinuum, it makes perfect sense to combine Web-services security requirements with other application-security measures, for the sake of both cost and operational efficiency.

"To get the best return on their Web-services investment, organizations clearly require the integration of Web-application and Web-services security into a single comprehensive application-layer firewall," said Wasson.

New firewall conducts full XML content inspection, looking for policy violations such as oversized messages, unexpected field values and inappropriate external references and protects against targeted XML attacks such as SQL injection.