Title: Trusted EBusiness: Security Management for the WebLogic Platform PentaSafe Security Technologies Oct
1Trusted E-Business Security Management for the
WebLogic PlatformPentaSafe Security
TechnologiesOctober 12, 2001
2Security Check-Up Quiz
- Do you know if your platform is secure?
- Can you prove your Server, Applications and
Components were set up and running securely? - Would you know if anything occurred that might
create security risks? - If you experienced a security incident, would you
be able to quickly to return to production?
3Overview of Security
- Security is a business issue
- Enables companies to safely conduct business
- Required for all companies
- Especially e-business and regulated industries
- Must protect assets, reputation, customer
confidence - Must limit liabilities
- Underscores performance, availability and
reliability
4Security Incidents are Rising Dramatically
- CSI / FBI survey shows increasing incidents and
losses - 80 cited a costly security incident this year
- Average security breach costs 2 million
- Inside jobs are most common and most costly
- Summary of Costs
- Financial Loss
- Business disruption
- A hacked Website will cost you hours of work
- A hacked Transaction Server will cost you your
job! - Loss or compromise of Intellectual Property
- Now the leading target of many hackers
- Loss of Trust
- Fatal for E-Business (CD Universe, Egghead.com)
- Liability to Other Companies and Shareholders
5PentaSafe is Addressing 3 Common Problems
- All organizations face several challenges
- Securely Deploying Application Server and
Applications - Monitoring and Detecting Security Risks
- Responding to Security Incidents
6Problem 1 Secure Deployments
- Proper deployment requires many tedious tasks
- Application Server, HTTP Server, SSL and CGI-bin
must be configured correctly (before production) - EJBs, Servlets and Components must be securely
deployed - Access Control Lists must be set-up properly
- Passwords must be strong
- Customers rarely follow best practices
- Time-to-market pressure and lack of expertise
leaves most deployments susceptible to attacks - Confirmed by findings from Download survey1
- 84 of respondents found security risks in
WebLogic deployment - 1 30 day Lite copy of VigilEnt for WebLogic is
available for free download from BEAs website
7Problem 2 Security Monitoring and Detection
- Difficult to detect changes to App Server
- Configuration, Applications, EJBs, Servlets, etc.
- Difficult to detect attempted intrusions
- Manual checks are not effective or efficient
- Result most App Server customers wont learn of
security risks until after a costly incident
8Problem 3 Incident Response
- Most companies lack security incident response
plans - Do not backup Secure Settings
- Lack capability to quickly restore transaction
platform - Lack capability to save tampered files for
analysis and prosecution - Result most companies will have trouble
restoring their system and website - Downtime is costly
9BEA Users now have a Solution
- Through an exclusive partnership with BEA,
PentaSafe enables WebLogic customers to - Protect their platform from internal and external
threats - Prove their platform and applications are
securely deployed - Detect intrusions or events that may create
security risks - Respond quickly to incidents and restore website
10VigilEnt for BEA WebLogic
- Industrys only solution that ensures WebLogic is
securely deployed, monitored and maintained - A Security Expert in a Box
- Identifies and corrects vulnerabilities caused
by - Misconfigured files, HTTP, SSL, and other file
settings - Old versions and missing patches
- Exploitable EJBs, Servlets, Components and
Scripts - Unmanaged Access Controls Lists and weak
passwords - Archives secure file settings
- Detects changes or events that may create
security risks - Provides automatic restoration and recovery
11Product Demo
12Exclusive Benefits for BEA Customers
- Enables painless secure deployment of WebLogic
platform - Allows you to conduct e-business on a Trusted
platform - Able to Prove it to your customers and partners
- Protects platform from internal and external
security threats - Minimizes risk of loss (financial, trust,
credibility) - Scalable and efficient solution
- Automates management of multiple servers
- Complementary with Access Management tools
- Netegrity, Securant, Tivoli, Entrust, Entegrity
- Only available for BEA WebLogic (increases your
ROI)
13Free Security Checkup from BEA
- BEA and PentaSafe offer a Free Security Checkup
for BEA customers - Takes less than 10 minutes to download, install
and scan server for security risks - Featured in BEAs Download Center at
- http//commerce.bea.com/downloads/weblogic_server_
security.jsp - Also available at www.pentasafe.com
14In Summary
- Security is a must have and impacts developers,
managers and executives - Must ensure platform is securely deployed,
monitored and maintain - Manual checks arent efficient or effective
- VigilEnt for WebLogic is the only solution that
solves this problem - Free Security Checkup is available on the Web
15For more information
- For sales support or questions
- Call 713.860.9572
- Email beainfo_at_pentasafe.com
- For a White Paper and Product Info
- www.pentasafe.com/beaweblogic.htm