Post on 10-Apr-2018
8/8/2019 Wave XML Security Gateways
March 29, 2004
Forrester Wave: XML Security Gateways
by Randy Heffner
TECH CHOICES
Helping Business Thrive On Technology Change
© 2004, Forrester Research, Inc. All rights reserved. Forrester, Forrester Oval Program, Forrester Wave, WholeView 2, Technographics, and TechRankings are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Forrester clients may make one attributed copy or slide of each figure contained herein. Additional reproduction is strictly prohibited. For additional reproduction rights and usage information, go to www.forrester.com. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. To purchase reprints of this document, please email reprints@forrester.com.
EXECUTIVE SUMMARY
Growing Web services adoption is driving demand for secure Web services. XML security gateways offer
a quick-hit solution perfect for high-priority projects operating on a tight schedule. But it is critical to
look at the early market in the broader context of application security architecture. Within three or four
years, XML security gateways will disappear into firewalls and identity management. In the meantime,
users can benefit from their integrated package of attack protection, trust enablement, and message
processing acceleration. Forum Systems and DataPower Technology hold a slight edge, but others have
unique value-add that may tip a buyer's decision in their favor. Don't be afraid to buy in, but start with a
clear understanding of your application security requirements and architecture.
TABLE OF CONTENTS
Serious Web Services Need Security Architecture
XML Security Gateways Are A Fast-Path Solution
It's An Early Market For XML Security Gateways
A Quantitative Assessment Of XML Security Gateways
Two Early Leaders Have A Slight Edge On The Pack . . .
But Every Vendor Has Some Unique Value-Add
Future View: What Is The Exit Strategy?
XML Firewall And Gateway Packaging Will Split
Identity And Firewall Vendors Split The Spoils
RECOMMENDATIONS
Take A Tactical Decision Stance
Don't Fear Less-Established Vendors
Have A Clear View Of Security Requirements
For Heavy Application Security Requirements
For Broadly Accessible External Web Services
Remember Friendly Fire
Supplemental Material
NOTES & RESOURCES
Forrester interviewed 15 vendor and user companies, including: Aeroplan, AmberPoint,
Blue Titan Software, Entrust, Government of British Columbia, Oblix, and the seven XML
security gateway vendors included in the evaluation.
Related Research Documents
"Watch Out! X-Malware Is Real"
March 9, 2004, Quick Take
"Secure Web Services: Current and Future Architectures"
January 8, 2004, Planning Assumption
"Secure Web Services: Functional Design Priorities"
January 8, 2004, Planning Assumption
"Market Overview 2004: Web Services Solutions"
December 22, 2003, Planning Assumption
"Market Overview 2003: Application Security Architecture"
September 25, 2003, Planning Assumption
March 29, 2004
Forrester Wave: XML Security Gateways
A Question Of Exit Strategy
by Randy Heffner
with Ted Schadler and Carey E. Schwaber
Tech Choices | Forrester Wave: XML Security Gateways
© 2004, Forrester Research, Inc. Reproduction Prohibited
March 29, 2004
SERIOUS WEB SERVICES NEED SECURITY ARCHITECTURE
Application developers building new Web services too often approach security with
a limited mindset focused on their immediate requirements rather than on the broader
context of application security architecture (see Figure 1).1 But these new Web services
applications are really only creating a new access channel. After all, the underlying business
services will also be accessed via Web applications, rich-client applications, interactive
voice response systems, mobile applications, and any number of other interaction channels.
That means that IT should secure the Web services channel within a broader security
context to achieve:
Unified, consistent access policy for business services. Inconsistencies can easily
arise when access policy for Web services is managed separately from access policy
for other channels. This is especially troublesome when a given user base accesses the
same underlying services through a variety of interaction channels.
Stronger access control for business services. A separate secure Web services
architecture may not integrate well with the security features of the underlying
application platform on which services run. This may require that the underlying
application platforms run business services in a relatively open access mode, relying
entirely on the secure Web services layer for its security, while also having a separate
security architecture for every other access channel.
Better planning for evolving security solutions. Even if cost or product maturity
issues drive tactical compromises on access policy management or access control,
planning current implementations within a broad application security architecture
enables today's product and design decisions to evolve more cleanly into a future
strategic security architecture.
XML Security Gateways Are A Fast-Path Solution
But Web services are a new access channel with a new set of technologies that require new
solutions focused on securing XML messages and Web services endpoints. New vendors
have stepped into this vacuum with dedicated products that Forrester calls XML security
gateways. Ranging in cost from $30,000 to $55,000, these products provide:
Attack protection. XML-based applications are vulnerable to attacks based on
message rates (such as a flood of messages in a denial of service attack), message flow
(such as a message replay attack), and X-Malware (malicious or malformed XML
messages).2 Attack protection features inspect incoming messages for these attacks and
reject messages or block message senders. The term "XML firewall" applies only to
these features, not to the rest of an XML security gateway's features.
Figure 1 Understanding Application Security Architecture Solutions
Source: Forrester Research, Inc.

Figure 1-1: Application security architecture solution space
[Diagram labels: Application platform A; Application platform B; Application security firewalls and gateways; Access infrastructure and SSO; Security libraries and frameworks; Enterprise application security integration; Code security]

Figure 1-2: Application security architecture, major market segments

Market segment: Access infrastructure and single sign-on
Description: Ensures that an incoming request does not get to an application unless it is an authorized request from an authenticated user
Sample vendors: Application platforms: BEA Systems, IBM, Microsoft. Web SSO: CA, Entrust, Netegrity, Novell, Oblix, RSA Security

Market segment: Application firewalls and security gateways
Description: Prevents malformed or malicious requests from reaching the application; may also serve as access infrastructure
Sample vendors: Web application firewalls: KaVaDo, NetContinuum, Sanctum, Teros. XML security gateways: DataPower, Forum, Layer 7, Reactivity, Sarvega, Vordel, Westbridge

Market segment: Enterprise application security integration
Description: Brokers security functions across diverse application security technologies (e.g., between Java and Microsoft platforms)
Sample vendors: BEA Systems, Quadrasis

Market segment: Code security
Description: Tools and technologies to either identify application vulnerabilities or to make an application more difficult to compromise
Sample vendors: Aspose, Cenzic, eEye, Foundstone, KaVaDo, Nessus (open source), Parasoft, PreEmptive Solutions, Sanctum, SPI Dynamics

Market segment: Libraries and frameworks
Description: For application-level implementation of various customized security features and capabilities
Sample vendors: Certicom, Entrust, Phaos Technology, RSA Security
Trust enablement. If one describes attack protection as "keeping the bad guys out,"
then trust enablement is "letting the good guys in." Authentication of the requester's
identity is first, then authorization of the request. Other major trust features are
administration, audit/logging, and security integration.
Cryptographic and XML acceleration. Cryptography is a major element of
XML and Web services security, and it is a heavy processing load to place on an
application server. XML security gateways reduce the load in two ways. First, they
provide an adjunct processor to remove the load from the server.3 Second, they
may include cryptographic hardware to reduce processing time. Similar arguments
go for acceleration of XML processing such as Extensible Stylesheet Language
Transformations (XSLT) transforms and evaluation of XPath expressions.
XML gateways can integrate to varying degrees with existing security infrastructure, but
they can also be deployed in a standalone mode, providing a relatively simple drop-in
solution (see Figure 2). Thus, with the right planning and product selection, you can get up
and running quickly with a standalone deployment, and over time integrate more deeply
with your application security architecture.
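The three attack-protection checks this section lists (message rate, message replay, and malformed or malicious XML) can be sketched as follows. This is an added example, not code from the report or from any vendor it evaluates; the names `XmlFirewall`, `scan_xml` and `envelope`, the limit values, and the use of a `MessageID` header element as the replay key are all assumptions, and the sample messages are constructed.

```python
import time
from collections import defaultdict, deque
from xml.parsers import expat

# Assumed policy limits for illustration; not values from the report.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 16
MAX_ELEMENTS = 2000
RATE_LIMIT = 5        # messages allowed per sender ...
RATE_WINDOW = 1.0     # ... within this many seconds
REPLAY_TTL = 300.0    # seconds a message ID is remembered


class Rejected(Exception):
    """Raised to stop processing at the first policy violation."""


def scan_xml(raw):
    """Parse raw bytes under structural limits; return the message ID or None."""
    if len(raw) > MAX_BYTES:
        raise Rejected("message too large")
    state = {"depth": 0, "count": 0, "in_id": False, "id": []}

    def start(name, attrs):
        state["depth"] += 1
        state["count"] += 1
        if state["depth"] > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if state["count"] > MAX_ELEMENTS:
            raise Rejected("too many elements")
        # Assumption: the ID travels in an element with local name MessageID.
        state["in_id"] = name.rsplit(" ", 1)[-1] == "MessageID"

    def end(name):
        state["depth"] -= 1
        state["in_id"] = False

    def chars(data):
        if state["in_id"]:
            state["id"].append(data)

    def doctype(*args):
        raise Rejected("DTD not allowed")  # SOAP messages carry no DTD

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(raw, True)
    except expat.ExpatError as exc:
        raise Rejected("malformed XML") from exc
    return "".join(state["id"]).strip() or None


class XmlFirewall:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._arrivals = defaultdict(deque)  # sender -> recent arrival times
        self._seen = {}                      # message ID -> expiry time

    def inspect(self, sender, raw):
        """Return (accepted, reason) for one incoming message."""
        now = self._clock()
        arrivals = self._arrivals[sender]
        while arrivals and now - arrivals[0] >= RATE_WINDOW:
            arrivals.popleft()
        arrivals.append(now)                 # rejected messages count too
        if len(arrivals) > RATE_LIMIT:
            return False, "rate limit exceeded"
        try:
            msg_id = scan_xml(raw)
        except Rejected as exc:
            return False, str(exc)
        if msg_id is None:
            return False, "missing message ID"
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        # An ID is only a sound replay key if it is covered by a signature.
        if msg_id in self._seen:
            return False, "replayed message"
        self._seen[msg_id] = now + REPLAY_TTL
        return True, "accepted"


def envelope(msg_id, body="<getQuote>FORR</getQuote>"):
    """Constructed sample message, not taken from any real service."""
    return ('<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">'
            f"<Header><MessageID>{msg_id}</MessageID></Header>"
            f"<Body>{body}</Body></Envelope>").encode()


def demo():
    t = [0.0]                                # fake clock for repeatable output
    fw = XmlFirewall(clock=lambda: t[0])
    deep = "<a>" * 40 + "</a>" * 40
    msgs = [envelope("m-1"), envelope("m-1"), envelope("m-2", deep),
            b"<!DOCTYPE x><x/>", b"<Envelope><Body>", envelope("m-3")]
    results = [fw.inspect("partner-a", m) for m in msgs]
    t[0] = 2.0                               # rate window has passed
    results.append(fw.inspect("partner-a", envelope("m-3")))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Rejected messages still count toward the sender's rate, so a flood of malformed input trips the rate limit as quickly as a flood of valid requests.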
It's An Early Market For XML Security Gateways
The market for XML security gateways is only now starting to build momentum. So, even
though deployment of an XML security gateway can be either tactical or strategic (that is,
standalone or integrated), any purchase of an XML gateway must be viewed as a tactical
decision. This is clear when you consider that:
There are no big players. All of the vendors are startups and few have more than
a handful of paying customers. Each has a particular product focus, all are rapidly
expanding their products' features and functions, and it is not yet clear which features
buyers will consider most important. Some vendors are showing early product or
market strengths, but this could change quickly as the market develops.
The market segment itself is not well established. As a market segment, XML
security gateways will face future questions as to their relationship to several other
product categories: portions of their functionality and deployment modes overlap
with or are similar to Web application firewalls, network firewalls, Web services
management, Web single sign-on (SSO), and application platforms. There are
already vendor moves that blur the lines of these segments, and much more change
is yet to come.
Figure 2 XML Security Gateway Deployment: Standalone Versus Integrated
A QUANTITATIVE ASSESSMENT OF XML SECURITY GATEWAYS
Forrester evaluated the seven major players in the XML security gateway space using the
Forrester Wave methodology (see Figure 3).4
Two Early Leaders Have A Slight Edge On The Pack . . .
Although no vendor has an across-the-board lead on current offering, future strategy, and
market presence, Forum Systems and DataPower Technology have a slight lead over the
others. Both claim to have more than 15 customers for their gateways, which qualifies as a
lot in this market. Other ways in which they distinguish themselves include:
Forum Systems has the best product packaging strategy. While some gateways are
offered in appliance and software-only form factors, Forum adds a third form factor,
PCI card, and it packages its XML firewall as a separate product, XWall, from its XML
security gateway, Sentry. Both support acceleration, and the two can be delivered
together in an integrated package.5 Forum also has a third product, Presidio, an
Open Pretty Good Privacy (OpenPGP) security gateway. Multiple products and form
factors provide flexibility for user deployment and for Forum's adaptation to future
market changes. In addition, Forum has competitive functionality across most of our
evaluation criteria.
[Figure 2 diagram labels. Standalone: Web service client; standalone XML security gateway; users; policy; protected Web service. Integrated: Web service client; integrated XML security gateway; existing users; existing policy; security context; protected Web service.]
Source: Forrester Research, Inc.
DataPower has strong integration for security and management. Although
DataPower has only an appliance form factor, it has invested heavily to integrate
its gateway with existing infrastructure. For security integration, DataPower's XS40
can delegate authentication and authorization decisions to Web SSO and identity
management products like Netegrity SiteMinder, Tivoli Access Manager, and Sun
Identity Server. It has full APIs for custom integration and an SNMP implementation
that is complete with standard and DataPower-specific management information
bases (MIBs). It also integrates with upstream devices, such as load balancers, to block
malicious traffic before it even gets to the gateway. All of this adds up to the strongest
overall current feature set.
. . . But Every Vendor Has Some Unique Value-Add
XML security gateway vendors are showing their creativity in the breadth of features and
functions that they are implementing. This gives you the opportunity to find a product that
closely matches the specific requirements of your environment and applications. Since the
market will be evolving rapidly in the next two to three years, there is a large risk that any
purchase will soon be obsolete, so you may well have to change products no matter what
you buy. The major ways in which the other gateway vendors distinguish themselves are:
Westbridge Technology balances attack protection, trust, and management.
Westbridge's XML Message Server has one of the strongest current offerings in terms
of all-around balanced feature-function. In addition to strong attack protection
and comprehensive trust enablement features, Westbridge has basic Web services
management (WSM) capabilities, which may prevent having to buy a separate WSM
product. Other highlights include highly flexible logging, strong decision delegation,
software-only and appliance form factors, the ability to define multiple views over a
single underlying service ("service views" as Westbridge calls them), and a plug-in for
secure Web services access from Microsoft Excel. Service views and the Excel plug-in
are features unique to Westbridge.
Vordel understands deep application security integration. VordelSecure features
an agent-based architecture and agent API that enables deep security integration
between the gateway and Web services endpoints. For sensitive services or when a
service is accessed through multiple channels, it is not acceptable to leave security
entirely up to a front-end gateway; the application platform underlying the service
must know the requestor's identity and perform its own authorization checks. Using
Vordel's agent API, you can more easily maintain a continuous security context
between your Web services channel and the native security of your underlying
application platform. Vordel focuses more heavily on trust enablement but provides
basic attack protection as well.
Figure 3 Forrester Wave: XML Security Gateways, Q1 '04
Sarvega has strong features and a strong commitment to standards. Sarvega is
among the vendors most willing to implement standards early and to make firm
statements about the emerging standards it will support. It is currently shipping early
implementations of WS-Addressing and WS-Routing, and it is committed to future
implementation of Kerberos, XML Key Management Specification (XKMS), and
Liberty Web Services Framework, as well as WS-Policy, WS-SecurityPolicy, and the
rest of the IBM-Microsoft WS-Security road map. Sarvega's XML Guardian Security
Gateway provides message transformation and routing, complete APIs for custom
integration, cluster-aware configuration, and prebuilt management integration with
Unicenter and Tivoli. Future releases will strengthen Sarvega's decision delegation and
credential propagation features.
[Figure 3 chart labels. Axes: Current offering (weak to strong); Strategy (weak to strong); Market presence. Bands: Risky Bets; Contenders; Strong Performers; Leaders. Vendors plotted: Vordel; Layer 7 Technologies; Sarvega; Forum Systems; Westbridge Technology; Reactivity; DataPower Technology.]
The spreadsheet detailing this Forrester Wave is available online.
Source: Forrester Research, Inc.
Reactivity has the best attack protection. Reactivity's design has focused heavily on
attack protection: its XML Firewall features multiple ways to detect a denial
of service attack, and it can automatically update attack processing logic. Reactivity's
integration of Tarari's XML acceleration hardware will likely be the first to make it
to market in an XML security gateway. Other notable strengths include authorization,
administration tools, and flexible, secure logging. Future releases will include a
software development kit for custom product extensions and decision delegation
to Web SSO and identity management products.
Layer 7 Technologies excels for end-to-end integration scenarios. One of the
challenges of secure Web services is that the client and server must be configured to
use the same security connection policies. The emerging WS-Policy standard will
provide a protocol for negotiating connection parameters, but even then both sides
must support a common set of connection capabilities and policies. Layer 7's trust
enablement features support a broader vision around secure end-to-end integration,
so it tackles this problem head-on. SecureSpan provides a client-side agent that
communicates with the gateway to maintain consistent connection policy. This
provides strong trust for situations where you have influence over both ends of an
integration connection. As the most recent vendor to enter the market, Layer 7 is
still early in its product development.
FUTURE VIEW: WHAT IS THE EXIT STRATEGY?
For venture-funded startup companies, the question for venture capitalists is always,
"What will be our exit strategy?" VCs want to know how they will extract the financial
value the company has built. For the XML security gateway space, the question goes
beyond a VC's financial view to reflect a critical question about the future of the market
segment itself. Because of overlapping and similar features and deployment models
between XML gateways and other market segments, and because each new infrastructure
device adds complexity to the data center environment, XML security vendors are wise
to ask, "What will be our exit strategy as the XML security gateway market dissolves into
other segments?"
XML Firewall And Gateway Packaging Will Split
The three major functions of XML gateways (attack protection, trust enablement, and
acceleration) are all important functions that require XML-specific product functionality.
This makes it a sure thing that these functions will remain. It also argues that the intellectual
property being created by the gateway vendors has real market value over the long term.
But it doesn't mean that XML gateway vendors' current go-to-market product packaging of
these functions is the right one for the long term.
Within three or four years, the XML security gateway market will not exist in its current
form. The current overriding need for a quick solution to secure Web services will give way
to longer-term demands for integrated application security architecture and infrastructure.
As IT seeks security unification and infrastructure simplification, the attack and trust
functions of XML gateways will be pulled apart. From the user side, this will happen
because:
Trust features have affinity with users and applications. Trust requires knowing
users' identities and must be closely integrated with application policy. To achieve
unified identity and trust management across all users and application access channels,
XML trust enablement functions must be closely integrated with identity management
and application platforms.
Attack protection features have affinity with infrastructure. Attack protection
is anonymous by its very nature, and it is best handled before a malicious request
reaches an application. Thus, it is natural for XML attack protection capabilities to be
integrated with network and infrastructure security.
Therefore, as users pursue integration and unification, they will move to pull XML security
into their existing architectures for application-level and infrastructure-level security,
rather than segregating XML security into its own separate top-to-bottom domain.
Identity And Firewall Vendors Split The Spoils
From the vendor side, the same forces are at work because:
Firewall vendors are looking for new territory. Attack protection has long been the
domain of network firewall and intrusion detection vendors; XML presents a new
opportunity for them, as it does for Web application firewall vendors. Not that it is
simple for them to take on X-Malware protection (XML attack checking is notably
different from their traditional strengths), but network firewalls are already reaching
up to the application layer, Web application firewalls are already reaching into XML,
and more is yet to come.
Identity and application platforms need deep trust features. Web SSO vendors long
ago extended their authentication and authorization architectures to go beyond
protecting HTTP requests to integrate deeply with J2EE application servers; XML
presents enticing new territory for them, as exemplified by Netegrity's
TransactionMinder and Oblix's recent purchase of Confluent. Java and Microsoft
application platforms are already providing early implementations of secure Web
services standards to extend their built-in trust features to cover XML.
Acceleration will be available everywhere. Although cryptography acceleration
and XML acceleration vendors are not about to encroach on XML gateway vendors'
territory, they are happy to enable their chips to be deployed into as many different
devices as possible. This lessens the value of a separate XML security device because,
wherever XML and cryptographic processing occur, a chip will be available to
accelerate it.
Viewing the XML security gateway segment from the split between attack protection and
trust enablement functions, the potential future alignments among market segments
become clearer. XML security gateway vendors split into two groups of acquisition targets
(see Figure 4):
Firewall acquisition targets. Vendors with a strong focus on attack protection
become interesting targets for acquisition by network firewall vendors or merger with
Web application firewall vendors. In this category are Forum Systems, DataPower,
Reactivity, Sarvega, and Westbridge.
Identity management acquisition targets. Vendors with a heavy focus on security
integration and core trust features become interesting targets for identity management
vendors. In this category are DataPower, Forum Systems, Layer 7, Vordel, and
Westbridge.
Westbridge, as the vendor that has pursued the greatest amount of functionality beyond
secure Web services (such as WSM and its service views), may find additional market
opportunities.
Figure 4 Identity Management And Firewall Vendors Split The XML Security Spoils
[Figure 4 diagram labels. Vendors: DataPower; Sarvega; Westbridge; Forum Systems; Reactivity; Vordel; Layer 7. Groupings: strong on attack protection (firewall vendors); strong on trust enablement (identity management vendors).]
Source: Forrester Research, Inc.
RECOMMENDATIONS
TAKE A TACTICAL DECISION STANCE
Any purchase of an XML security gateway should be viewed as a tactical step. Forrester
recommends a 12-month payback target (or 24-month at most). The coming churn in the
market segment will sideline some vendors and find others refactoring their products
and integrating them with other product types. In any case, there is a strong possibility
that the vendor's direction and your future needs will diverge, and you don't want to get
caught having to toss a solution out before it has paid for itself.
Don't Fear Less-Established Vendors
Although Forum Systems and DataPower Technology have a slight lead, none of the
vendors are beyond the high-risk startup stage, so any decision is to go with a
less-established vendor. Considering the above recommendation to stay tactical, you
are more likely to pay for a solution quickly if it has a strong match with your unique
requirements. If your vendor fails in a year, a migration to another vendor will have some
pain to it, but by then other vendors are likely to have implemented the special features
that drove you to your first vendor.
HAVE A CLEAR VIEW OF SECURITY REQUIREMENTS
Secure Web services is only one part of the complete security requirements of your
applications. Slapping an XML security gateway product in front of an application will
not ensure adequate or appropriate application security. Your current and future plans
for your Web services and your applications will have a major impact on your XML
security gateway decision.
For Heavy Application Security Requirements
The accountability requirements and sensitivity of the underlying services drive the
depth of application security architecture you should implement. In addition, it is
important to consider whether the services will be accessible only through Web services
or through other channels as well. High sensitivity, stringent accountability requirements,
and multichannel access all drive the need for an application platform's native security
to be operative, so that it can closely and consistently control application security. If
the application platform's security is supplanted by a drop-in XML gateway solution, it
is more difficult to construct a clean audit trail and enforce policy consistently across
multiple channels. If you have heavy security requirements:
You'll have to map XML security contexts to native security contexts. To allow
your application platform's native security to be operative, the security token from
an incoming message must be mapped to native security contexts (for example,
mapping an X.509 certificate to an EJB session context). This may require custom
integration work.
Consider XML security gateways with strong security integration. Vordel has
the best feature set for deep application platform integration, but even it does not
provide a complete solution. DataPower, Forum Systems, and Reactivity all have
strong credential mapping features that may help as well, although you will have to
write all of your own agent code.
For Broadly Accessible External Web Services
External Web services are more risky because of the open exposure to potential attackers.
If your external services are exposed to a small set of partners, you can likely exchange
digital certificates with all your partners and use bidirectional SSL authentication as part
of your security strategy. This will prevent unknown attackers from even establishing a
connection (unless, of course, an attacker gets a hold of one of your partners' certificates
and private keys, which is certainly a possibility). If certificate management presents too
high a cost barrier or if you will have publicly accessible Web services, you:
Must provide strong X-Malware protection. If attackers can establish connections,
they can experiment with any type of X-Malware to see what damage they can do.
Should favor XML security gateways with strong attack protection. DataPower,
Reactivity, and Westbridge are top of the list here.
Remember Friendly Fire
Even if your Web services are accessible only by internal users and highly trusted
partners, remember that:
Many attacks come from the inside. Unless Web service requests flow only over
isolated network segments accessible only within a secure data center (and really,
even then, too), you should assume that they will come under attack, especially
if they perform high-value transactions. An interesting deployment scenario that
may apply here is to use an XML gateway on both the client and server sides of a
connection.
An unintentional attack is still an attack. Applications don't always format
messages properly. Application developers don't always anticipate the side effects of
their design decisions. The higher the criticality of the service, the more valuable it is to
have strong security for it.
SUPPLEMENTAL MATERIAL
Online Resource
Figure 3 is backed by an online spreadsheet that includes seven scorecards, each with
about 40 data points. Readers can use the spreadsheet in their own decision process by:
1) customizing the weightings for personal results; 2) trimming the vendors down to a
shortlist; 3) sharing the results with other team members; and 4) using the criteria set
in RFPs.
Methodology
Forrester conducted this research by starting with creation of Forrester Wave evaluation
criteria for XML security gateways, followed by vendor interviews and documentation
of each vendor's standing against the criteria. Every vendor was given at least two
opportunities to perform fact-check reviews of their own evaluation. Users of XML
security gateways were interviewed to supplement and validate assessments.
Companies Interviewed For This Document
Actional
Aeroplan
AmberPoint
Blue Titan Software
DataPower Technology
Entrust
Forum Systems
Layer 7 Technologies
Ministry of Attorney General, Government of British Columbia
Oblix
Reactivity
Sarvega
Teros
Vordel
Westbridge Technology
ENDNOTES
1 There are five major market segments that provide portions of a comprehensive application
security architecture. See the September 25, 2003, Planning Assumption "Market Overview 2003:
Application Security Architecture." Of these five segments, XML security gateways provide both
firewall and access control capabilities, and they also provide ties to EASI. See the June 22, 2001
Planning Assumption "Giga's Model for Enterprise Application Security Integration."
2 Forrester defines X-Malware as any XML payload that is constructed (intentionally or not) to
confuse XML infrastructure into bypassing security or disrupting processing. See the March 9,
2004, Quick Take "Watch Out! X-Malware Is Real."
3 Note that confidentiality or data integrity requirements may dictate that a message be encrypted
through its entire path from client application to server application, so offloading of cryptographic
processing is not always the right answer.
4 When Forrester evaluates and ranks the major players in a market, we create a Forrester Wave. It
is a research graphic built on an open methodology and a straightforward algorithm that exposes
vendor scores, key attributes, and weightings in an interactive spreadsheet.
5 It is the integrated package assessed in the scorecards accompanying this report.
Headquarters
Forrester Research, Inc.
400 Technology Square
Cambridge, MA 02139 USA
Tel: +1 617/613-6000
Fax: +1 617/613-5000
Email: forrester@forrester.com
Nasdaq symbol: FORR
www.forrester.com