Trusted EBusiness: Security Management for the WebLogic Platform PentaSafe Security Technologies Oct

1
Trusted E-Business Security Management for the
WebLogic PlatformPentaSafe Security
TechnologiesOctober 12, 2001

2
Security Check-Up Quiz

• Do you know if your platform is secure?
• Can you prove your Server, Applications and
  Components were set up and running securely?
• Would you know if anything occurred that might
  create security risks?
• If you experienced a security incident, would you
  be able to quickly to return to production?

3
Overview of Security

• Security is a business issue
• Enables companies to safely conduct business
• Required for all companies
• Especially e-business and regulated industries
• Must protect assets, reputation, customer
  confidence
• Must limit liabilities
• Underscores performance, availability and
  reliability

4
Security Incidents are Rising Dramatically

• CSI / FBI survey shows increasing incidents and
  losses
• 80 cited a costly security incident this year
• Average security breach costs 2 million
• Inside jobs are most common and most costly
• Summary of Costs
• Financial Loss
• Business disruption
• A hacked Website will cost you hours of work
• A hacked Transaction Server will cost you your
  job!
• Loss or compromise of Intellectual Property
• Now the leading target of many hackers
• Loss of Trust
• Fatal for E-Business (CD Universe, Egghead.com)
• Liability to Other Companies and Shareholders

5
PentaSafe is Addressing 3 Common Problems

• All organizations face several challenges
• Securely Deploying Application Server and
  Applications
• Monitoring and Detecting Security Risks
• Responding to Security Incidents

6
Problem 1 Secure Deployments

• Proper deployment requires many tedious tasks
• Application Server, HTTP Server, SSL and CGI-bin
  must be configured correctly (before production)
• EJBs, Servlets and Components must be securely
  deployed
• Access Control Lists must be set-up properly
• Passwords must be strong
• Customers rarely follow best practices
• Time-to-market pressure and lack of expertise
  leaves most deployments susceptible to attacks
• Confirmed by findings from Download survey1
• 84 of respondents found security risks in
  WebLogic deployment
• 1 30 day Lite copy of VigilEnt for WebLogic is
  available for free download from BEAs website

7
Problem 2 Security Monitoring and Detection

• Difficult to detect changes to App Server
• Configuration, Applications, EJBs, Servlets, etc.
• Difficult to detect attempted intrusions
• Manual checks are not effective or efficient
• Result most App Server customers wont learn of
  security risks until after a costly incident

8
Problem 3 Incident Response

• Most companies lack security incident response
  plans
• Do not backup Secure Settings
• Lack capability to quickly restore transaction
  platform
• Lack capability to save tampered files for
  analysis and prosecution
• Result most companies will have trouble
  restoring their system and website
• Downtime is costly

9
BEA Users now have a Solution

• Through an exclusive partnership with BEA,
  PentaSafe enables WebLogic customers to
• Protect their platform from internal and external
  threats
• Prove their platform and applications are
  securely deployed
• Detect intrusions or events that may create
  security risks
• Respond quickly to incidents and restore website

10
VigilEnt for BEA WebLogic

• Industrys only solution that ensures WebLogic is
  securely deployed, monitored and maintained
• A Security Expert in a Box
• Identifies and corrects vulnerabilities caused
  by
• Misconfigured files, HTTP, SSL, and other file
  settings
• Old versions and missing patches
• Exploitable EJBs, Servlets, Components and
  Scripts
• Unmanaged Access Controls Lists and weak
  passwords
• Archives secure file settings
• Detects changes or events that may create
  security risks
• Provides automatic restoration and recovery

11
Product Demo
12
Exclusive Benefits for BEA Customers

• Enables painless secure deployment of WebLogic
  platform
• Allows you to conduct e-business on a Trusted
  platform
• Able to Prove it to your customers and partners
• Protects platform from internal and external
  security threats
• Minimizes risk of loss (financial, trust,
  credibility)
• Scalable and efficient solution
• Automates management of multiple servers
• Complementary with Access Management tools
• Netegrity, Securant, Tivoli, Entrust, Entegrity
• Only available for BEA WebLogic (increases your
  ROI)

13
Free Security Checkup from BEA

• BEA and PentaSafe offer a Free Security Checkup
  for BEA customers
• Takes less than 10 minutes to download, install
  and scan server for security risks
• Featured in BEAs Download Center at
• http//commerce.bea.com/downloads/weblogic_server_
  security.jsp
• Also available at www.pentasafe.com

14
In Summary

• Security is a must have and impacts developers,
  managers and executives
• Must ensure platform is securely deployed,
  monitored and maintain
• Manual checks arent efficient or effective
• VigilEnt for WebLogic is the only solution that
  solves this problem
• Free Security Checkup is available on the Web

15
For more information

• For sales support or questions
• Call 713.860.9572
• Email beainfo_at_pentasafe.com
• For a White Paper and Product Info
• www.pentasafe.com/beaweblogic.htm