FRAMINGHAM (10/30/2003) - Start-up Reactivity Inc. last week released another version of its Extensible Markup Language (XML) firewall designed to provide corporations with tools to control, manage and log Web services traffic.
The XML Firewall 2300 is a network device deployed behind a corporate firewall that intercepts and processes all Web services messages based on Simple Object Access Protocol (SOAP). The company's 2100 model, released earlier this year, is the base platform.
Reactivity's 2300 model adds traffic management tools to help thwart denial-of-service (DoS) attacks. It also has a virus-scanning engine, Secure Sockets Layer acceleration, and support for public-key infrastructure (PKI) and Web services security protocols WS-Security 1.0 and Security Assertion Markup Language (SAML) 1.0.
Reactivity is one of a handful of vendors that offer specialized Web services software and hardware to manage and secure SOAP-based traffic. Others include DataPower Technology Inc., Sarvega Inc. and Westbridge Technology Inc.
"XML firewalls are part of a broader phenomenon of general Web services management tools," says James Kobielus, an analyst with Burton Group. Kobielus says these management devices will let users apply a consistent set of access, security and usage policies across all their Web services traffic. "But users need to be aware that all these vendors are start-ups and that the established vendors [Computer Associates International Inc., Hewlett-Packard Co., IBM Corp. and Microsoft Corp.] will get into management with their own products," he says.
These products are gaining visibility because of an expected spike in Web services traffic. Research firm ZapThink LLC says XML is expected to account for more than 25 percent of network traffic by 2006, up from less than 2 percent today.
Reactivity hopes its 2300 firewall will help secure and manage that traffic. The company's DoS feature uses a heuristic engine to check incoming messages against six parameters, including message size, request rate and authentication failures. The feature also includes three parameters on the server that check for memory utilization, message flow and response time. If traffic patterns deviate from policies set by the end user, the firewall can block the attack, slow the traffic or notify an administrator. The 2300 also can check for content-based attacks that use malformed SOAP messages designed to attack databases or corrupt XML message flows.
Reactivity has beefed up its management console with a security policy manager that can be set on a per-service, per-user or per-transaction basis. The 2300 also features role-based administration that lets users create customized views for anyone administering Web services on the network.
The Reactivity XML Firewall 2300 is a 1U, rack-mountable hardware appliance that features two 10/100M bit/sec Ethernet ports. It costs US$50,000. An optional hardware security module for handling PKI keys is priced at $15,000.