Layer 7 pumps up security on XML gateway products

Layer 7 Technologies upgraded the operating system of its XML network appliances, adding features that let users apply consistent security policies across clusters of devices.

Layer 7 Technologies last week upgraded the operating system of its XML network appliances, adding features that let users apply consistent security policies across clusters of devices.

Layer 7 makes a family of XML gateway products that compete with similar XML processing devices from vendors such as DataPower (which IBM acquired last year), Forum Systems and Reactivity. Its flagship product is the SecureSpan XML Gateway, a security and network appliance that offloads the inspection and processing of XML traffic from application servers.

Among XML processing vendors, Layer 7 emphasizes policy management, says Ron Schmelzer, a senior analyst at research firm Zapthink. With the SecureSpan XML Gateway, users define content-screening policies to protect against malicious code, or establish rules laying out what’s required to validate the authority, for example, of an application requesting access to certain data.

Version 3.5 of Layer 7’s Security operating system has features tuned for multidevice deployments. With the new devices, users replicate policies automatically and maintain session persistence across clusters, for example. In previous versions, users had to apply policies manually across multiple gateways.

“There was limited ability to do clustering, but it was very manual. Whenever you have manual configuration of devices in a cluster, you introduce management and security issues,” says Dimitri Sirota, vice president of marketing and alliances at Layer 7. For example, if policies were applied across devices inconsistently, a device with an outdated or missing rule might open a gap a hacker could exploit.

In addition, previous versions didn’t let users implement some Web services standards – such as the WS-Secure Conversation specification, which defines mechanisms for establishing and sharing security contexts – across a cluster because the devices weren’t able to support persistent sessions.

As XML firewalls and gateways become more popular, users are looking for scalability and manageability improvements, Schmelzer says. In particular, as XML specifications mature and become broadly deployed, users want to do more automated policy management across devices. “Before, the specs weren’t widely adopted, so configuration was all very application-proprietary. There wasn’t any exchangeable metadata,” Schmelzer says. “Now there is metadata that can be exchanged.”

Version 3.5 also adds tools for making configuration changes and monitoring XML traffic and device availability across multiple gateways. Users view traffic loads and track the performance of Web services, as well as feed the management data to third-party platforms from CA and HP, Sirota says.

Layer 7 displayed its retooled appliances with partner Tarari at Interop Las Vegas. The SecureSpan XML Gateway uses Tarari’s chips to accelerate certain XML processing steps. Layer 7 devices featuring the upgraded operating system start at $60,000.