Case study: An educated decision


Implementation smooth

With the assistance of IBM's AppScan Enterprise (ASE) support staff, the deployment of the tool across the enterprise went smoothly, Jalso says. And, he appreciates how easy it is to manage.

One of its biggest assets, Jalso says, is helping to meet compliance requirements. “ASE assists with a number of regulations in that it identifies security vulnerabilities and provides compliance reports for applications which contain sensitive information,” he says.

Further, for intrusion detection and intrusion prevention, it helps from a system configuration need, he says. “And for secure coding practices, it is invaluable from a software development need.”

AppScan's database of attacks and techniques can be updated through its “Live Update” feature, says Danahy. This capability allows users to decide if they want to receive updates whenever AppScan is launched. Once the update process ends, updates are automatically installed in AppScan, and information regarding the specific update appears in the “Updates log.”


[sidebar]

BIG BLUE: New resources

The IBM team of application security experts has led research in this area for 14 years, says Jack Danahy, security executive of IBM Rational. Before arriving at IBM, Danahy was founder and CEO of two technology companies: Qiave Technologies, sold to Watchguard Technologies in 2000, and Ounce Labs, sold to IBM in July of 2009. As well, Danahy served on the board of the Payment Card Industry (PCI) Vendor Alliance, and is a distinguished fellow at the Ponemon Institute.

“Our IBM team has filed many patents, including runtime analysis and the first and broadest patent on web application security scanning issued in 2003,” he says.

The AppScan team has focused on making application security fit into the development environment and the security infrastructure in organizations, says Danahy.

IBM AppScan products are complemented by the IBM Security framework that includes offerings specific to threat mitigation on the network (IBM Security Network IPS), for servers (IBM Security Server Protection) and for databases (IBM Infosphere Guardium), Danahy says.
