assuring web services integrity activeintegrity system
Post on 21-Dec-2015
Assuring Web Services Integrity
ActiveIntegrity System
Web Services as a Paradigm Shift
• Today’s Web designed for Application-Human interactions
• WS enable systematic Application-Application interactions on the Web
– E-marketplaces
– Open, automated B2B e-commerce
– Business process integration on the Web
– Resource sharing, distributed computing
• Enable universal interoperability
The Four Levels of Web Security
• Level 1, Desktop – Security: Antivirus; Threat: Disruption
• Level 2, Transport – Security: Encryption; Threat: Interception
• Level 3, Network – Security: Firewall; Threat: Illegal Access
• Level 4, Web Applications – Security: Manual Patching; Threat: Perversion
All Levels are crucial!
Web Services Hacking Scenario
[Diagram labels: Web Browser, Wireless Device, Another Web Service, Web Services, Business Logic, Hacker, Invalid Content!]
The Pain
• The logic of the Web Service may be damaged by internal or external hacking
• Great financial losses due to:
– Theft of valuable information
– Invalid content provided to customers
– Damaged reputation
• Current solutions are not secure enough
– 85% of large companies detected security breaches in the past year (Computer Security Institute, 2002)
Why Are Firewalls Not Enough?
• 95% of all hacked web servers had a firewall
• Firewalls leave HTTP port wide open to allow Web traffic
• Hackers exploit known errors in applications that reside behind firewalls
• Firewalls of big companies are hacked on average 10 times a year
Our Solution
ActiveIntegrity Architecture
[Diagram labels: WS Client, Firewall, Web Services Business Logic, Agent, Agent, ActiveIntegrity Server]
ActiveIntegrity in Action
[Diagram labels: WS Client, Firewall, Web Services Business Logic, Hacked Server, Invalid Content, Notification, Recovery]
ActiveIntegrity Components
• Consists of two components:
– ActiveIntegrity Secure Server (hardware, software)
– ActiveIntegrity Secure Agents (software)
ActiveIntegrity Secure Server
• Highly secured dedicated server
• Integrity Enforcement Point - Controls the Secured Agents
• Supports Recovery mode
ActiveIntegrity Secure Agents
• Reside on the protected servers
• Act in a distributed environment
• The Agents run in a hostile environment vulnerable to hacking attacks
• We provide a unique technology to prevent the Agents from being compromised
Market Size Evaluation
Market size is dependent upon:
• ROI and current pricing models
• Application-level security
• Composite Applications market
Target Market
• Composite-Applications market: $15.4B by 2003 (Gartner, 0.8 probability)
• Application-level Security market: $3.5B by 2005 (Bear Stearns) out of total security spending of $19B (IDC).
• ROI considerations…
Target Market: ROI
• 9% of companies lose about $50K per hour of server downtime
• Average downtime: 20-25 hours
• Estimated damage: +$1M
Target Market
• Potential market size:
– Large firms considered – Fortune 5000
– Avg. number of web services per firm – 6.5 (META Group)
– Avg. price per hardware security system - $50K
– Potential Sum: 5000 x 6.5 x 50K = $1,600M
• 2001 competitors' revenues: $60M
• Actual market size probably smaller
Market Segmentation
• Sales by Customer type:
– Fortune 500 – Due to ROI considerations: 50%
– Fortune 5000 – light-weight version: 20%
– Federal and government bodies: 10%
– Misc. (private customers, small firms): 20%
• Estimate based upon security spending survey (Secure Computing Magazine)
Competition
• Main competitors in web-services market:
– Limited-protection market veteran; AT&T, e-Bay and more ($1,095)
– Low-featured software for IIS web servers ($595)
– 1998-founded, feature-rich, multi-platform software solution ($995)
– Israeli company - Feature-rich, high-end hardware solution ($54,000)
Competitive Advantage
• Technological Advantage
– Tailored especially to protect Web Services
– Unique technology for dynamic Agent Generation
– Suited for distributed applications
• Marketing Advantage
– Web Services are a paradigm shift, which is not addressed by our competitors
Pricing Model, Business Model
• System price (hardware-solution): $49,000
• Start-ups' security product sales through:
– Direct Sales
– OEMs
– Strategic Alliances with market leaders
Current Position
• Prototype scheduled: 7/14/2002
• Beta-site tests: 10/30/2002
• Future meeting planned with Gilian Technologies.
• Open Issues:
– Indirect Sales partner
– Development of lightweight, software-only version
Thank You