IBM Acts to Protect Enterprises Against Web Application Attacks

IBM has announced the release of solutions designed to help combat Web application attacks, and secure the integrity of data processed by those applications.

"The hackers around the world have been really beefing up their efforts going against the web applications for customers. They have found exposures, they have found holes that have not been patched by the vendors," Dan Powers, vice president of business strategy at IBM Internet Security Systems, tells 5 Minute Briefing.

According to the latest statistics from the IBM X-Force 2009 Midyear Trend & Risk Report, which will be released later this month, web application attacks continue to accelerate. The report concludes that the most common intent of web application attacks are to steal and manipulate data and take command and control of infected visitors.

With SQL injection and other web application attacks on the rise, says Powers, "What we have tried to do at IBM is really go on an all-out attack for our customers to help them with all of these threats that are really starting to hit the application layer on the web."

IBM's integration of its web application security offerings can help enable enterprises to combat these types of attacks. The latest component of the solution, IBM Proventia SiteProtector 8.0, integrates a consolidated security management system with Rational AppScan, an industry-leading solution for web application vulnerability and secure code testing; and IBM's recently announced web application protection module for network and host intrusion prevention systems. This combined solution is designed to result in reduced security management operational costs; a Consolidated reporting infrastructure; and correlation of application vulnerabilities with potential security events and real-time attacks, enabling organizations to prioritize remediation to immediately address top threats.

IBM's web application security provides integrated management consoles for software and hardware solutions, professional services for trusted expertise and managed security services that can help reduce the cost and complexity of security operations.

Because Web applications often rely on Web services and service-oriented architecture (SOA), IBM has integrated the security and governance features of the purpose-built WebSphere DataPower SOA Appliances with the centralized management of Tivoli Security Policy Manager. The combination can help to enable enterprise architects and security operations to align business and IT by centrally managing and enforcing security policies for web services resources across multiple policy enforcement points.

IBM SiteProtector 8.0 is also a key offering in IBM's Information Infrastructure portfolio for improved security, management and encryption, announced last week. Other offerings include Proventia Server for Windows 2008-helping organizations harness the security and compliance challenges in the heterogeneous data center, encrypted disk support for the System Storage DS5000; as well as IBM Tivoli Identity Manager 5.1 featuring role management for more effective enforcement of SOD, and Tivoli Security Information and Event Manager's NERC module, security products that help improve security with little or no productivity impact.

IBM also recently announced the acquisition of Ounce Labs, which provides application source code testing to help enterprises identify and resolve vulnerabilities.

For more information about IBM's security offerings, go here.