"XML is the new carrier of mainstream viruses and worms, allowing all sorts of malware to bypass firewalls and desktop antivirus scanners and allowing hackers to cloak their attacks. This affects all networks -- even enterprises not yet utilizing Web services are vulnerable and may be unknowingly spreading viruses through their packaged business applications. We are pleased to partner with CA to head off the emerging threat factor of `XML-malware' with proven antivirus technology in an easy-to-manage and cost-effective system," said Wes Swenson, CEO of Forum Systems.
"XML-based applications and service-oriented IT environments are engendering new threats and vulnerabilities that require updated security strategies and technologies," said Sam Curry, vice president of eTrust security management at CA. "By partnering with CA, Forum is offering a unique and effective solution for the Web service security challenge -- one that significantly reduces risk and security-related IT workloads."
According to a study by Computer Economics (www.computereconomics.com), the cost of worldwide losses from virus attacks is on the rise again, after dipping in 2001 and 2002. In 2004, the cost reached an all-time high of $17.5 billion. These numbers are expected to increase with the growth of extended enterprises and SOAs where businesses are tied together in complex, global networks and exposed to cascading effects of viruses and other malicious software. The damage inflicted by a single attack can snowball to bring down a company's business operations.
According to Gartner analyst Ray Wagner, "As usage of Web services rises, so does the threat of self-replicating attacks on Web services." Gartner estimates that, by 2008, at least 30 percent of enterprises exposing Web services to the Internet will experience successful attacks causing more than four hours of downtime to business-critical functions (0.7 probability).
XML risk mitigation strategies have heretofore focused on guarding internal IT resources such as Web servers, database servers or PCs. Forum System points out that, in a well-connected world, a strategy that is biased towards trust-only mechanisms is dangerously one-sided and does not adequately protect against new methods of cyber security attacks.
Added Swenson, "Well-orchestrated threat protection solutions are the only way companies can limit enterprise exposure. By starting with threat protection as a best practice, enterprises can reduce 80 percent of their Web services risk at a fraction of the cost and effort of more complex internal trust management solutions."