Interview with Eugene Kuznetsov, Founder, President and CTO of DataPower Technology Inc.
by Mirko Zorz - Friday, 24 January 2003.
The XS40 Security Gateway delivers a comprehensive set of security functions that are easy to implement across enterprise applications, including:
  • XML/SOAP Firewall - The XS40 filters traffic at production speed, with criteria based on information from layers 2 through 7 of the protocol stack; from SOAP envelope, payload size or field-level message content to IP address, hostname and port. Filters can be predefined and automatically uploaded to change security policies based on time of day or other triggers.
  • Field Level XML Security - The XS40 performs encryption/decryption and signing/verification of entire messages or of individual XML fields. Conditional security policies are based on a range of data including content, IP address, hostname or other user-defined environment variables.
  • Data Validation - With its unique ability to perform XML Schema validation as well as message validation at wirespeed, the XS40 ensures that incoming XML documents are legitimate and outgoing documents are properly structured to protect against threats such as XML Denial of Service (XDoS) attacks, buffer overflows, or crashes from deliberately or inadvertently malformed XML documents.
  • XML Web Services Access Control - The XS40 supports a variety of access control mechanisms, from XACML (eXtensible Access Control Markup Language) to RADIUS to simple client/URL maps. The XS40 can control access rights by rejecting unsigned messages and verifying signatures within SAML assertions.
  • SSL Acceleration - The XS40 scales transport layer security by accelerating SSL transactions in hardware. The XS40 can be configured with multiple SSL identities functioning as client or server, with SSL policies based on message content or metadata such as port number, HTTP header, etc.
  • Service Virtualization - The XS40 enables companies to link users to application resources without leaking information about their location or configuration. With the combined power of URL rewriting, high-performance XSL transforms and XML/SOAP routing, the XS40 can transparently map a rich set of services to protected back-end resources with the appropriate Quality of Service (QoS).
  • Centralized Policy Management - While a straightforward web-based GUI for simple rule creation allows the XS40 to be deployed securely in minutes, the XS40 uses the power of XSLT to create rules as simple or complex as required. Rules may be used to define common policies for firewalls, routing, access control, data transformation, and transport layer security across an array of applications and application servers without sacrificing performance. Manageable locally or remotely, the XS40 supports SNMP, script-based configuration and remote logging to integrate smoothly with your chosen management software.
How does the XS40 XML Security Gateway work with existing hardware like firewalls and routers?

The XS40 is an appliance and standards-based solution that can "drop into" existing networks with easy integration and interoperability. Using either the standard Command Line Interface or the Web-based GUI, the XS40 can be inserted into existing networks with minimal effort and set-up, often in as little as 2 hours.

In your opinion, what are the critical security issues that affect XML?

XML's power and flexibility are also what cause new security issues when deploying XML-based applications and Web services. XML Web Services are designed to seamlessly connect resources above the network layer - enabling the concept of "loosely coupled but tightly contracted" applications. By their very design, they enable easy direct access to valuable backend databases and application servers and in turn, require the fine-grained control of new granular security policies above the network layer. Even those enterprises that don't plan on joining trading networks must take precautions. Because S2S connectivity enables new application sharing inside the enterprise, policy enforcement is as strong a requirement for internal employees as it is for external partners.

