Locking down Web appliances.
Web applications are being touted as the next bright star in the technology universe, but are they secure enough for implementation? One company making sure the answer is “yes” is New York-based KaVaDo, a Web application layer protection company that aims to make the Web a safer place to do business. Tal Gilat, the company’s CEO, chats about security, trends, and recruiting experts from the Israeli Army.
Is the need for Web application security acute right now?
Very. Everybody is bringing Web applications online, and it’s not yet clear to every organization that when they do that, they have to secure them. But from quarter to quarter we see increasing awareness.
Until now, they’ve relied on a network firewall, but with the emergence of firewall-evading technologies, these companies need more, otherwise there’s a security hole. The idea of having more than a firewall is gaining more momentum.
Why did you specifically recruit former Israeli Army members for your R & D department?
As with many places in the world, armies are usually technology leaders, especially in security-related areas. As the Web gained momentum, the army was looking at ways to secure it as well as how to get more information on it. The Israeli Army is known for its advancement in a lot of technologies; they concentrated on technology early on. Our developers came from a unit in the Israeli Army that is focused specifically on security.
How did their time in the army help them as developers?
While in the service, all of our R & D professionals were what you’d call ethical hackers. They learned from each other how to hack, and it gave them a unique background. The products that we have now were tested in a way that emulated a hacker trying to attack an application. It allowed us to develop products that truly do block malicious activities.
How is your firm unique in the marketplace?
There are not that many companies that deal with Web application security. The reason is that the knowledge base is quite rare; it’s a route less taken. Right now, if you’re a security professional, you probably come from a network background.
Our capabilities and knowledge are different; they come from different security areas. If you want to protect Web services, it has nothing to do with network security. Simply understanding protocols like HTTP or SOAP isn’t enough; you won’t be able to secure Web services just because you know how to install a VPN or are an expert in intrusion detection. It’s a different area; you’d have a long way to ramp up to understand the issues involved.
Why is the security so different for Web services?
When you use a firewall on a network you can implement rules, but when you’re dealing with Web applications, there are no rules because it’s hard to find two applications that are similar. You have to define your own rules that will be relevant to every application, and that requires coming up with new security techniques.
Do you think companies will soon realize how important this security is?
I think it will be the big trend of 2003; the need for this kind of security will explode this year. Hopefully, it won’t be because of some compelling event that involves security breaches. It’s just a matter of time for awareness to pick up. If we look back, you’ll see firewalls preceded by network scanners, and although the need was there before the firewalls were, it still took a while for the network guys to understand.