Assuring Web Services IntegrityAssuring Web Services Integrity

ActiveIntegrity SystemActiveIntegrity System

Web Services as a Paradigm Shift

• Today’s Web designed for Application-Human interactions

• WS enable systematic Application-Application interactions on the Web– E-marketplaces

– Open, automated B2B e-commerce

– Business process integration on the Web

– Resource sharing, distributed computing

• Enable universal interoperability

The Four Levels of Web Security

Security

Threat

Antivirus

Disruption

Desktop

1

Encryption

Interception

Transport

2

Manual Patching

Perversion

WebApplications

4

Firewall

Illegal Access

3

NetworkNetwork

All Levels are crucial!

Web Services Hacking Scenario

Business Logic

Web Browser

Wireless Device

Another Web Service Web Services

Hacker

Invalid Content!

The Pain

• The logic of the Web Service may be damaged by internal or external hacking

• Great financial losses due to:– Theft of valuable information

– Invalid content provided to customers

– Damaged reputation

• Current solutions are not secure enough – 85% of large companies detected security breaches in the past year (Computer Security Institute, 2002)

Why Firewalls are not enough?

• 95% of all hacked web servers had a firewall

• Firewalls leave HTTP port wide open to allow Web traffic

• Hackers exploit known errors in applications that reside behind firewalls

• Firewalls of big companies are hacked on the average 10 times a year

Our Solution

ActiveIntegrity Architecture

ActiveIntegrity Server

FirewallWS Client

Web Services Business Logic

Agent

Agent

ActiveIntegrityServer

ActiveIntegrity in Action

FirewallWS Client

Web Services Business Logic

Hacked Server

Invalid Content

Notification

Recovery

ActiveIntegrity Components

• Consists of two components:– ActiveIntegrity Secure Server (hardware,software)

– ActiveIntegrity Secure Agents (software)

ActiveIntegrity Secure Server

• Highly secured dedicated server• Integrity Enforcement Point - Controls the

Secured Agents • Supports Recovery mode

ActiveIntegrity Secure Agents

• Reside on the protected servers

• Act in a distributed environment

• The Agents run in a hostile environment vulnerable to hacking attacks

• We provide a unique technology to prevent the Agents from being compromised

Market Size Evaluation

Market size is dependent upon:

ROI and current ROI and current pricing modelspricing models

Application-level Application-level securitysecurity

Composite Composite Applications Applications marketmarket

Target Market

• Composite-Applications market:$15.4B by 2003 (Gartner, 0.8 probability)

• Application-level Security market:$3.5B by 2005 (Bear Stearns)out of total security spending of $19B (IDC).

• ROI considerations…

Target Market: ROI

• 9% of companies lose about $50K per hour of server downtime

• Average downtime: 20-25 hours• Estimated damage: +$1M

Target Market

• Potential market size:Large firms considered – Fortune 5000Avg. number of web services per firm – 6.5 (META Group).Avg. price per hardware security system - $50K

Potential Sum: 5000 x 6.5 x 50K = $1,600M

• 2001 competitors revenues: $60M• Actual market size probably smaller

Market Segmentation

• Sales by Customer type:– Fortune 500 – Due to ROI considerations: 50%– Fortune 5000 – light-weight version: 20%– Federal and government bodies: 10%

– Misc. (private customers, small firms): 20%

• Estimate based upon security spending survey (Secure Computing Magazine)

Limited-protection market veteran; AT&T, e-Bay and more ($1,095)

Low-featured software for IIS web servers ($595)

1998-founded, feature-rich, multi-platform software solution ($995)

Israeli company - Feature-rich, high-end hardware solution ($54,000)

Competition

• Main competitors in web-services market:

Competitive Advantage

• Technological Advantage– Tailored especially to protect Web Services

– Unique technology for dynamic Agent Generation

– Suited for distributed applications

• Marketing Advantage– Web Services are a paradigm shift, which is not

addressed by our competitors

Pricing Model, Business Model

• System price (hardware-solution): $49,000

• Start-ups security products sales through:– Direct Sales

– OEMs

– Strategic Alliances with market leaders

Current Position

• Prototype scheduled: 7/14/2002• Beta-site tests: 10/30/2002• Future meeting planned with Gilian Technologies.

• Open Issues:– Indirect Sales partner

– Development of lightweight, software-only version

Thank You