Case study: An educated decision

Implementation smooth

With the assistance of IBM's AppScan Enterprise (ASE) support staff, the deployment of the tool across the enterprise went smoothly, Jalso says. And, he appreciates how easy it is to manage.

One of its biggest assets, Jalso says, is helping to meet compliance requirements. “ASE assists with a number of regulations in that it identifies security vulnerabilities and provides compliance reports for applications which contain sensitive information,” he says.

Further, for intrusion detection and intrusion prevention, it helps from a system configuration need, he says. “And for secure coding practices, it is invaluable from a software development need.”

AppScan's database of attacks and techniques can be updated through its “Live Update” feature, says Danahy. This capability allows users to decide if they want to receive updates whenever AppScan is launched. Once the update process ends, updates are automatically installed in AppScan, and information regarding the specific update appears in the “Updates log.”


[sidebar]

BIG BLUE: New resources

The IBM team of application security experts has led research in this area for 14 years, says Jack Danahy, security executive of IBM Rational. Before arriving at IBM, Danahy was founder and CEO of two technology companies: Qiave Technologies, sold to WatchGuard Technologies in 2000, and Ounce Labs, sold to IBM in July of 2009. As well, Danahy served on the board of the Payment Card Industry (PCI) Vendor Alliance, and is a distinguished fellow at the Ponemon Institute.

“Our IBM team has filed many patents, including runtime analysis and the first and broadest patent on web application security scanning issued in 2003,” he says.

The AppScan team has focused on making application security fit into the development environment and the security infrastructure in organizations, says Danahy.

IBM AppScan products are complemented by the IBM Security framework that includes offerings specific to threat mitigation on the network (IBM Security Network IPS), for servers (IBM Security Server Protection) and for databases (IBM Infosphere Guardium), Danahy says.
