Header Image

Cyber Security Network Defense & Monitoring

The Problem: Proliferating Cyber Attacks

Cyber attacks are becoming increasingly complex and successful, especially over the past year which has seen a number of attacks against high profile targets:

  • May 2010: US Treasury - four cloud-hosted Web sites used by the Bureau of Engraving and Printing were shut down following the discovery of malicious code on the parent site 
  • April 2010: Tibetan Government - dozens of high-level government networks, embassies, international organizations and others were penetrated; confidential, sensitive, and private documents were stolen
  • February 2010: Google (and others) - 75,000 computer systems and nearly 2,500 companies were reported to be hacked and information stolen
  • December 2009: Twitter -  Iranian Cyber Army hijacked Twitter’s DNS, redirecting Twitter users to an Iranian website
  • July 2009: Pentagon - Distributed Denial of Service (DDoS) attack on the Pentagon (purportedly by North Korea)
  • April 2009: US Electric Grid - cyber spies from China, Russia, and other countries left behind software programs that could be used to disrupt the US-wide electrical power generating and distribution system. 

While cyber attacks may be on the increase, the real problem here is that commercial and military IT systems are evolving at a faster pace than the Information Assurance (IA) technology used to protect them, effectively rendering traditional IA solutions obsolete. Driven by information sharing initiatives, mission support/mission critical systems have evolved to become more interoperable through modern computing paradigms like Service Oriented Architecture (SOA), Web Services and the cloud, which, in turn, have driven the need for new cyber defense systems.

 

The Solution: XML Firewalls

While numerous cyber defense point solutions exist – crypto devices, firewalls, identity and access management systems that encompass biometrics, smart cards, audit software, etc. – they tend to be narrowly deployed and narrowly focused (i.e., by office, department or bureau), rather than integrated to form a government-wide or even a nation-wide security barrier. SOA and cloud security solutions, on the other hand, are designed to deal with the elimination of boundaries between systems and the ever-growing use of shared and common resources.

XML Firewalls are one class of security product that can address a broad range of XML/Web services-based cyber threats by providing:

  • Fine-grained service-level access control
  • Data validation, privacy, and integrity for incoming and outgoing messages
  • Protection against message-level and other threats (including DDoS, XDoS and OS attacks; XML parsing; SQL and malicious scripting language injection attacks; viruses in SOAP attachments, etc)
  • Identity-based access control for XML / Web services
  • Credential chaining and substitution operations

The Layer 7 Value: Cyber Security for SOA & Cloud

The Layer 7 XML Firewall delivers cyber defense capabilities to address common threats associated with SOA, Web Services, and Cloud implementations. The XML Firewall acts as a Policy Enforcement Point (PEP) which proxies and inspects every message destined for and/or returned from a Firewall-protected service, based on a user-defined set of policies. Policies can incorporate any combination of identity, authentication protocol, time of day, IP address, message count, message content or routing parameters.

Built-in Joint Enterprise Service Management (JESM)-compatible monitoring capabilities provide a real time view of all Layer 7 XML appliances across the enterprise and the cloud, showing audits, events and key metrics. Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and service user experience. Alternatively, existing, third-party management tools can be integrated via a management API to provide centralized monitoring. 

Layer 7 XML Firewalls are available as traditional, hardware-based appliances, as well as virtual appliances that support a range of virtualized platforms such as VMware, Xen, Amazon EC2, CA 3Tera, etc. Additionally, as a government approved vendor, Layer 7 provides Federal Information Processing Standards (FIPS) 140-2 support in both hardware (Level 3) and software (Level 1), as well as support for elliptic curve cryptography that conforms to the NSA’s Suite B algorithms.