Array Networks Successfully Completes Internet Security Systems' Rigorous X-Force Application Security Testing.Business Editors/High-Tech Writers Infosecurity Conference & Expo 2002 CAMPBELL, Calif.--(BUSINESS WIRE)--Dec. 11, 2002 Array SP SSL-based Secure Access Platform Proves Virtually Invulnerable in·vul·ner·a·ble adj. 1. Immune to attack; impregnable. 2. Impossible to damage, injure, or wound. [French invulnérable, from Old French, from Latin to Intensive Penetration Tests Array Networks, The Web Traffic Company, announced that the Array SP (Security Proxy) series has met Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems, Inc. (ISS ISS See Institutional Shareholder Services (ISS). ) (Nasdaq:ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) X-Force's best practices criteria for application security. ISS X-Force(TM) Penetration Team is well known for its attack simulation and analysis services. The application security testing Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, included intense penetration testing as well as best practices assurance for secure application development and maintenance. During several weeks of intensive X-Force Penetration Testing conducted by ISS' elite X-Force team of security consultants, the enterprise-class Array SP withstood attempts to breach the device's security. The tests included attacks such as buffer overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. , PROTOS remote SNMP (Simple Network Management Protocol) A widely used network monitoring and control protocol. Data are passed from SNMP agents, which are hardware and/or software processes reporting activity in each network device (hub, router, bridge, etc. attacks, denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS), SynFlood, script attacks, and other typical attacks as well as unconventional hacking methods. "ISS conducts exhaustive X-Force penetration testing as part of our assessment methodology for application security," said Christopher Klaus, founder and chief technology officer of ISS. "The Array SP series successfully completed the X-Force Application Security Testing by meeting and exceeding ISS' criteria for best practices. The Array SP platform performed admirably against penetration attempts, even during attacks generated by the X-Force Penetration Team armed with knowledge about the device's functional characteristics. The Array SP series performed in an outstanding manner." An X-Force Penetration Test is a controlled network attack simulation that provides a snapshot of an organization's security posture or a network device's security capabilities. The ISS team of highly trained and certified information security professionals that perform the tests follow a robust testing methodology. These experts use tools that carry the most up-to-date vulnerability research available and possess creative instincts to manipulate the tools in both typical and unconventional ways in order to identify and document exposures that could be used by a malicious individual to infiltrate an organization's network. The X-Force Penetration Tests performed on the Array SP included "blind" or zero-knowledge testing in which the simulated attacker knows nothing about the product they are attempting to break into, as well as trusted-knowledge testing in which the attacker has the knowledge level of a trusted end user, reasonably obtainable by non-Array Networks personnel. Both tests showed the Array SP to be well secured against attack. "To ensure that the Array SP series delivers virtually unbreakable, enterprise-class security our customers can trust, we asked the world-renowned X-Force team to take their best shot at penetrating the Array SP with every attack possible," said Donald J. Massaro, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Array Networks. "We are proud that the Array SP series passed these tests with flying colors Noun 1. flying colors - complete success; "they passed inspection with flying colors" flying colours success - an attainment that is successful; "his success in the marathon was unexpected"; "his new play was a great success" to receive approval from ISS X-Force Application Security Testing." About the Array SP The Array SP secure Web traffic management platform is an SSL-accelerated secure access device. For the busiest enterprise networks, the Array SP (Security Proxy) delivers remote access to Web applications for partners, customers, employees and remote workers based on trusted encryption, authentication, authorization and accounting (AAA AAA: see American Automobile Association. (Triple A) A common single-cell battery used in a myriad of electronic devices of all variety. Like its double A (AA) cousin, it provides 1.5 volts of DC power. When used in series, the voltage is multiplied. ). An Array SP can support up to 5,000 SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. transactions per second In a very generic sense, the term Transactions Per Second refers to the number of atomic actions performed by certain entity per second. In a more restrictied view, the term is usually used by DBMS vendor and user community to refer to the number of database transactions performed and 32,000 concurrent user In computer science, the number of concurrent users for a resource in a location, with the location being a computing network or a single computer, refers to the total number of people using the resource at the same time. sessions and can be configured in high-availability "super clusters" consisting of up to 32 Array SP devices. The Array SP provides a unified view of enterprise Web services. Whether the partner, customer, supplier, remote worker or employee is coming from the Internet or the corporate network, the view of the applications, the authentication process and even the URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. remain identical. Rather than providing different access methods for different classes of users, the Array SP provides a simplified, borderless point of entry that works for all users, all the time. The Array SP handles all access requests over encrypted SSL connections from any standard Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. , requiring authentication before granting service access, and permitting the application or user to access only authorized Web services while logging all user activity. The Array SP is based on the Array Application Networking Architecture (ANA), a highly integrated, exceptionally scalable architecture for secure Web traffic management. ANA-based platforms utilize Array's SpeedStack(TM) network processing technology to provide tightly coupled integration of IP services, Web security and network performance. About Internet Security Systems, Inc. (ISS) Internet Security Systems, Inc. (ISS) (Nasdaq:ISSX) is a world leader in software and services that protect critical information assets from an ever-changing spectrum of threats and misuse. Software from Internet Security Systems dynamically detects, prevents and responds to sophisticated threats to networks, servers and desktops. Services include 24/7 system monitoring, emergency response and access to the X-Force, Internet Security Systems' renowned research and development team. Internet Security Systems is the trusted security provider for more than 10,000 corporate customers, including all of the Fortune 50, the top 10 largest U.S. securities firms, 10 of the world's largest telecommunications companies and major agencies and departments within U.S. local, state and federal governments. Headquartered in Atlanta, Ga., Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 888/901-7477. About Array Networks Array Networks, the pioneer in directing, accelerating, securing and analyzing all internal and external Web traffic, develops the industry's first fully integrated Web traffic management and security platforms. Headquartered in Campbell, Calif., with sales offices in the U.S., Europe, Asia Pacific and Latin America, Array Networks engineers and manufactures its products in the Silicon Valley and sells through direct and value-added channels. Array Networks has raised $43.6 million in venture funding from blue-chip investors U.S. Venture Partners and H&Q Asia Pacific. For more information, visit www.arraynetworks.net or call 408/874-2420. Array Networks is a registered trademark, and Array SP, ArrayOS and SpeedStack are trademarks of Array Networks. Internet Security Systems and X-Force are trademarks of Internet Security Systems, Inc. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion