02:15 PM

Review: XML Gateways

Network Computing tested three security devices and, although they all impressed, our top pick edged past the others thanks to stellar performance, flexibility and integration. Find out which one it is.

The XML security space is still experiencing growth even as mergers and acquisitions work to narrow the field. Two years ago, many of the products on the market today were labeled XML firewalls. However, we chose to call them security gateways (see "Enemy at the Gateway," ID# 1421f1) because they were expected to do more than conventional firewalls.

The industry latched on to that, and we saw many products renamed to include the term security gateway. So when we sent out an invitation to participate in an XML firewall review, we should have known we'd have problems with vendors that didn't want to be limited by such a name. ForumSystems, for example, launched a separate product line, the XWall, to address differences in expectations. Ironically, considering it's a no-show, the XWall is likely the only product in this market to truly represent the conventional definition of a firewall, as it does nothing more than protect against XML threats, leaving triple-A duties to its big brother, the Forum Sentry.

In addition, several players have broken off and "invented" the XML VPN, which is little more than an XML security gateway with a special focus on managing a point-to-point secure connection between two partners.

The result is confusion. There are XML firewalls, XML security gateways, Web services security gateways and XML VPNs. But what appears to be fragmentation is not--with the exception of the XWall, the product name is simply a vendor mechanism for claiming a niche in the larger XML security market. All these devices, regardless of name, provide the same basic functionality in terms of securing Web services; the differences are limited to the amount of attention paid to management, auditing, interoperability and standards support.

We're certain the renaming craze is nothing more than positioning as vendors vie for higher visibility and uniqueness in a market that is rapidly growing in terms of dollar value and mind share. As we were writing this article, Digital Evolution changed its corporate name to SOA Software, further muddying the waters by embracing the hype surrounding the SOA (service-oriented architecture) moniker. We expect to see more product name changes in the coming months to take advantage of the buzz SOA is receiving.

With apologies to Shakespeare, we'll simply say an XML firewall by any other name is still in the business of securing XML and Web services. Functionality and features, not semantics, will determine market leadership.

8 of 10
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.