Firewall Safeguards Web-Enabled Apps

Security start-up Reactivity Inc. is hoping to fill the void in Web services security with its new software firewall.

A security start-up is hoping to help fill the void in Web services security with its new firewall designed specifically to protect Web-enabled applications.

Reactivity Inc. on Monday will introduce its Service Firewall 1.0, a software firewall meant to not only protect Web applications but to do so in such a way that the security is invisible to the user. The Service Firewall is deployed at the edge of a corporate network and sits in the message flow between applications.

The software comprises two parts: the firewall itself and the management console, through which administrators can set up policies, monitor messages, view logs and audit reports. Several Service Firewalls can be clustered behind a load-balancer, Osaka said.

The firewall sees every message sent among the various applications, and its Run-Time Engine works to normalize those messages and perform authentication and authorization operations, as well. The firewall supports virtually all of the existing transport protocols and uses what company officials call "least effort" message handling to parse each message.

To maintain optimal throughput, the firewall breaks each message down only to the level needed to execute the security rules established by the administrator. This enables the Service Firewall to parse every message moving between applications while not slowing down traffic flow.

"We want to use the fewest number of computing cycles possible," said Glenn Osaka, CEO of Reactivity, based in Belmont, Calif. "You can drop it right in. There's no APIs to deal with; just put us into the flow."

The company estimates that the firewall can process 200 messages per second on an 800 MHz Pentium machine running Linux. Reactivity is working on a Solaris port of the software now.

Reactivity executives take pains to distinguish their application from those sold by companies such as Sanctum Inc. Sanctum's AppShield product is essentially a firewall for the Web server, they say, and would work well in conjunction with Service Firewall.

The market for such Web-related security measures is just beginning to open up and is likely to continue its expansion for some time. People haven't yet recognized some of the security problems inherent to Web services, Osaka said.

"We're now opening up standards-based doors to applications and giving hackers the opportunity to automate attacks," he said. "[XML-based Web services] code is spread all over, so there's no centralized way to protect it. People have been doing the minimum in terms of security just to get things up and running."

The development version of Service Firewall, which has been shipping to some customers since June, is available now for $50,000.
