The XML security space is still experiencing growth even as mergers and acquisitions work to narrow the field. Two years ago, many of the products on the market today were labeled XML firewalls. However, we chose to call them security gateways (see "Enemy at the Gateway," ID# 1421f1) because they were expected to do more than conventional firewalls.
The industry latched on to that, and we saw many products renamed to include the term security gateway. So when we sent out an invitation to participate in an XML firewall review, we should have known we'd have problems with vendors that didn't want to be limited by such a name. ForumSystems, for example, launched a separate product line, the XWall, to address differences in expectations. Ironically, considering it's a no-show, the XWall is likely the only product in this market to truly represent the conventional definition of a firewall, as it does nothing more than protect against XML threats, leaving triple-A duties to its big brother, the Forum Sentry.
In addition, several players have broken off and "invented" the XML VPN, which is little more than an XML security gateway with a special focus on managing a point-to-point secure connection between two partners.
The result is confusion. There are XML firewalls, XML security gateways, Web services security gateways and XML VPNs. But what appears to be fragmentation is not--with the exception of the XWall, the product name is simply a vendor mechanism for claiming a niche in the larger XML security market. All these devices, regardless of name, provide the same basic functionality in terms of securing Web services; the differences are limited to the amount of attention paid to management, auditing, interoperability and standards support.
We're certain the renaming craze is nothing more than positioning as vendors vie for higher visibility and uniqueness in a market that is rapidly growing in terms of dollar value and mind share. As we were writing this article, Digital Evolution changed its corporate name to SOA Software, further muddying the waters by embracing the hype surrounding the SOA (service-oriented architecture) moniker. We expect to see more product name changes in the coming months to take advantage of the buzz SOA is receiving.
With apologies to Shakespeare, we'll simply say an XML firewall by any other name is still in the business of securing XML and Web services. Functionality and features, not semantics, will determine market leadership.