Posted on December 21, 2009 
IBM has introduced a comprehensive suite of solutions designed to help combat Web application attacks and secure the integrity of data processed by Web applications. As threats and attacks increasingly target Web applications, many enterprises have been forced to take a reactive approach to security with point products that address only pieces of Web application security and add to the complexity of security operations. In a solution designed to deliver end-to-end Web application security, IBM has brought together the breadth of its offerings, including security-rich code development, vulnerability management, real-time blocking of attacks, dedicated security and performance for Web services, and access management.
The latest component of the solution, IBM Proventia SiteProtector 8.0, integrates a consolidated security management system with Rational AppScan, an industry-leading solution for Web application vulnerability and secure code testing. SiteProtector 8.0 also incorporates IBM's recently announced Web application protection module for network and host intrusion prevention systems. This combined solution is designed to deliver multiple benefits to enterprises, including:
- Reduced security management operational costs
- Improved security posture
- Consolidated reporting infrastructure
- A common workflow system for managing security incidents
- Correlation of application vulnerabilities with potential security events and real-time attacks, enabling organizations to prioritize remediation to immediately address top threats
IBM's Web application security further demonstrates the strength of IBM security with integrated management consoles for software and hardware solutions, professional services for trusted expertise and managed security services that can help reduce the cost and complexity of security operations.
According to the latest statistics from the IBM X-Force 2009 Midyear Trend & Risk Report, Web application attacks continue to accelerate. For example, SQL injection attacks (attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors) rose 50 percent in Q1 2009 as compared to Q4 2008, and nearly doubled in Q2, rising 96 percent as compared to Q1. The report concludes that the most common intent of Web application attacks is to steal and manipulate data and take command and control of infected visitors.
Because Web applications often rely on Web services and service oriented architecture (SOA), IBM has integrated the robust security and governance features of the purpose-built WebSphere DataPower SOA Appliances with the centralized management of Tivoli Security Policy Manager. The combination of Tivoli Security Policy Manager and WebSphere DataPower SOA Appliances can help to enable enterprise architects and security operations to align business and IT by centrally managing and enforcing security policies for Web services resources across multiple policy enforcement points. It can help to reduce the manual, inconsistent and costly administration of security policies and enable consistent enforcement of operational and lifecycle governance policies, with the ability to delegate and audit all changes to policies.
IBM SiteProtector 8.0 is also a key offering in IBM's Information Infrastructure portfolio for improved security, management and encryption. Proventia Server for Windows 2008, which helps organizations manage the security and compliance challenges in the heterogeneous datacenter, also is included in the portfolio, as is IBM Tivoli Identity Manager 5.1, which features role management for more effective enforcement of Separation of Duties. The portfolio also features encrypted disk support for the System Storage DS5000 and Tivoli Security Information and Event Manager's NERC module, security products that help improve security with little or no productivity impact.