Forum Systems is bundling antivirus software from Computer Associates in the next version of its XML firewall product.
The move is an effort to fend off meddlesome intruders that can infect XML
Forum Systems officials said they have tucked eTrust AntiVirus software into the Forum XWall Web Services Firewall 5.0. Called Forum XML Antivirus (XAV), the software module filters and scans XML and SOAP documents and their file attachment for viruses.
The bundle will enable Forum to scan for viruses such as Win32, Blaster, Bagel and Sober in XML messages, something Forum CEO Wes Swenson said XML security rivals such as DataPower, Reactivity and Layer 7 don’t have.
“This is absolutely critical, especially if someone is using XML
encryption,” Swenson said. “You may be on your desktop and send a PDF with the SOAP envelope to your trading partners with a virus attached to it. If it went with any type of XML encryption, the virus would be obfuscated and would not reveal itself until it was decrypted at the other application.”
CA’s eTrust Security Advisor also delivers antivirus signatures to Forum XWall with XAV. Customers will be able to receive customized XML vulnerability alerts and software upgrades in conjunction with Forum’s VulCon on-line service.
Forum XAV is available May 1 with the release of Forum XWall X5.0 in
software and hardware appliance options. Forum XWall with XAV ranges from $5,000 to $40,000, depending on software and hardware configuration with
additional subscription fees for antivirus and VulCon updates. XWall runs on
Windows, Linux, Solaris or HP-UX operating systems.
While IT security vendors have focused most of their energies on shoring up Web servers, database servers or PCs, they haven’t adequately addressed security across networks, Swenson said.
Forum hopes to change this deficiency with XAV.
The Forum/CA partnership is an industry first that underscores how companies are looking to improve the computer security at a time when XML has become the de facto standard for sending Web services
Web services are a key component of service-oriented architectures (SOA)
While this factoid is nothing new, it is no less frightening to a business manager: According to Computer Economics, the financial losses from virus
attacks totaled $17.5 billion in 2004.
ZapThink analyst Ronald Schmelzer, whose research firm analyzes XML and
SOAs, said the new partnership is noteworthy because it finally
acknowledges the prominence of XML traffic on the network and the inadequacy
of companies to cope with XML-based security threats.
“XML and Web services cut through existing firewalls and email-based spam
and virus filters like a hot knife through butter,” Schmelzer said.
“Existing routers don’t inspect the actual content at the level necessary to
deal with XML-based virus and content-based attacks.
He continued: “So, this new partnership will illustrate to companies how
important it is for them to think about the new threats that are potential
in Web services and the steps they need to protect themselves.”
