Sarvega Appliance Inspects XML Traffic

The Guardian Gateway Web services security appliance filters incoming XML traffic to find sophisticated new attacks.

Until recently, the term "XML security" essentially has been used interchangeably with "Web services security." Because XML is the basis for Web services, many vendors and enterprises have treated the two as one.

But one vendor, Sarvega Inc., is hoping to change that perception with its Guardian Gateway XML security appliance, which it unveiled this week. Although the appliance includes support for all of the existing Web services security standards, such as WS-Security, SAML and XML Dsig, it also is capable of filtering incoming XML traffic to find sophisticated new attacks.

Because Web services traffic comes in over port 80, just as normal HTTP traffic does, it typically passes directly through firewalls with little or no inspection. The Guardian box is designed to parse the XML traffic, checking for low-level issues such as IP spoofing as well as more severe problems like buffer overrun or SQL injection attacks.

This kind of deep inspection of XML traffic is new to the Web services world, and is part of the companys proprietary XESOS (XML EventStream Operating System) Gauntlet protection architecture. The OS was purpose-built by Sarvega with security in mind from the start.

"The XML world doesnt understand that its about risk mitigation and not locking everything down," said Chris Darby, CEO of Sarvega, based in Chicago. "It doesnt matter whether youre SAML compliant when youre under attack. If your system is down, you dont have security."

Darby, who joined Sarvega in 2003 after several years as CEO of security consultancy @stake Inc., compares the evolution of XML processing to that of IP traffic in the 1980s. Once done on local machines, IP processing eventually moved to the network infrastructure and is now done mainly by routers and switches instead of servers. The same changeover is occurring now with Web services traffic, Darby said, as XML processing moves to specialized boxes built for the task.

In addition to its XML inspection capabilities, the Guardian Gateway also serves as a cryptographic accelerator, speeding up the processing time for digital signatures, encryption and SSL processing by as much as two orders of magnitude.

Sarvega also is rolling out its Guardian Accelerator appliance, which has all of the XESOS security features and acceleration capabilities of the Guardian Gateway, but without the Web services security functionality and quality of service enforcement.

Both appliances are available now. The Gateway sells for $55,000, and the Accelerator is listed at $45,000.

/zimages/1/28571.gifCheck out eWEEK.coms Security Center at for security news, views and analysis.
Be sure to add our security news feed to your RSS newsreader or My Yahoo page: