NetContinuum, a leading provider of application firewalls, today announced that it is integrating the leading Web-services firewall, Forum Systems' XWall, into its flagship Application Security Gateway product. The NetContinuum NC-1000 Application Security Gateway - Web Services Edition product combines protection of mission-critical application data with protection against a new breed of XML data-layer and application-layer attacks into a single ASIC-based gateway appliance.
The Yankee Group estimates that the market for application gateways will be $880 million in 2004 and balloon to $2 billion in 2009. Previously, products that protected mission-critical Web applications were separate from security products targeting Web services. Both Forum Systems and NetContinuum are listed in Gartner's "Magic Quadrant" for their respective product categories.
According to Wes Wasson, chief strategy officer for NetContinuum, it makes perfect sense to combine Web-services security requirements with other application-security measures, for the sake of both cost and operational efficiency. "To get the best return on their Web-services investment, organizations clearly require the integration of Web-application and Web-services security into a single comprehensive application-layer firewall," said Wasson. "To me, this announcement is really a culmination of a lot of things that I've had in mind on the strategic front here at NetContinuum since I joined the firm two and a half years ago."
Customers are saying that XML is the "next big thing" on the horizon in security, said Wasson. According to a survey of 500 chief security officers funded by NetContinuum performed by the market research firm SalesRamp, 70 percent of enterprise security buyers believe XML firewalls are critical, but do not want to buy a separate product; they would rather purchase an integrated application security gateway that also provides comprehensive XML security protection.
The NC-1000 WSE enables enterprises to secure Web services at the perimeter without having to learn XML; lets security managers control access to enterprise Web services based on user ID, URLs, and individual SOAP messages; provides detailed logging and audit information for all Web-application and Web-services events; and give security managers a single consistent interface for managing Web-application and Web-services security.