Breaking News - Security:
Competing Security Vendors Create Initiative To Make Web Safer
At the Computer Security Institute's 31st Annual Security Conference and
Exhibition, leading vendors in the application security market announced they
have joined forces to help define more consistent and reliable standards for
customers. Jeff Pancottine, senior vice president and general manager of the
Security Business Unit for F5 Networks; Shlomo Kramer, CEO of Imperva; Gene
Banman, CEO of NetContinuum; and Bob Walters, CEO of Teros have invited Check
Point Software Technologies, Cisco Systems, Juniper Networks, McAfee and
Symantec to join them in submitting their products to an independent
application security evaluation conducted by ICSA Labs, the global leader in
information security product certification.
"With a wide array of security technologies to choose from and a lack of
criteria for what constitutes adequate application protection, selecting
appropriate solutions to protect the Web-enabled enterprise is daunting," said
Mary Ann Davidson, chief security officer for Oracle Corp. "Objective,
independent standards for evaluating Web application security solutions will
make it easier for IT security executives to make better informed purchasing
decisions."
According to a joint statement issued by the companies: "Each of our companies
offers architecturally different solutions, and we compete with each other in
the marketplace. At the same time, we are united regarding the minimum
criteria that any security product must meet to provide acceptable protection
for mission-critical Web applications. We believe these minimums are not being
met by many vendors, despite marketing claims that strongly imply such
protection. The result is a false sense of security that exposes consumers and
corporations to a higher risk of identity theft and other similar data loss
threats. Our goal is to pave the way for minimum standards that will ensure
the safety of consumers as well as corporate and government environments on
the Web."
"This kind of multi-vendor collaboration is a positive development for buyers
of application security. Like the established test criteria for network
firewalls, a standard set of baseline criteria for application firewalls can
be helpful in reducing the effort in product selection. Maintaining vendor
neutrality will be a critical success factor for this effort moving forward,"
said Greg Young, research director with Gartner Inc.
Application security is slated to become a $2 billion market over the next
five years, according to a recent industry survey by research firm Yankee Group
("Spending on Application Security Accelerates Security BPO," September 2004).
However, the lack of established industry best practices, combined with
inconsistent and confusing vendor claims, has made it difficult for IT
decision makers to identify products that provide legitimate protection
against Web application exploits. The result is a greater risk of identity
theft and security breaches that expose confidential data and violate customer
confidentiality.
"Web applications often link directly to sensitive business data, making them
a prime target for hackers intent on stealing financial and identity data.
Organizations that do not take this threat seriously expose themselves to
significant risk and increased legal liabilities," said Jim Slaby, senior
analyst at The Yankee Group. "Open initiatives by vendors to self-regulate
their industry benefit customers by helping establish minimum baselines for
comparing security products and sorting through sometimes confusing marketing
messages."