Stratum8 Networks Partners with nCipher to Secure Enterprise Web Applications
nCipher’s nForce Protects Cryptographic Keys for Stratum8’s Application Protection System
SUNNYVALE, Calif. – July 31, 2002 – Stratum8 Networks, Inc., a developer of innovative Web-application security solutions and nCipher, a leading provider of cryptographic IT security solutions, today announced their joint marketing, sales and technology agreement which integrates nCipher’s SSL acceleration and security solutions into Stratum8’s new Application Protection System (APS) [tm?] device. This integrated solution protects the Web applications and SSL transactions of Fortune 1000 companies and large organizations with high-volume, security-sensitive Web transactions, such as banking and financial institutions, government organizations, e-retailers and online service providers (ISP/ASPs).
“By integrating nCipher’s nForce with our APS, we are able to offer a swift, secure solution for those customers that require SSL sessions be terminated at the APS device,” said Abhishek Chauhan, Chief Technology Officer for Stratum8 Networks. “In this scenario the data is re-encrypted prior to secure transmission to the Web server for higher performance, higher security, and to conform to financial, healthcare and FIPS requirements.”
Most malicious hacking attacks are targeted at the web application level. Unlike intrusion detection and virus scanning solutions that can only analyze against known signatures after an intrusion has occurred, the nCipher and Stratum8 solution blocks malicious activity from ever reaching the Web servers and corrupt corporate data. The challenge is to maintain this ability to analyze traffic even when the connections to the Web site are encrypted using SSL. Firstly, processing SSL can impose a serious performance penalty if not implemented correctly and secondly, the act of opening up a window to inspect SSL encrypted traffic creates a security loop-hole that could be used by hackers to extract sensitive or private information. The combination of Stratum8’s APS device and nCipher’s nForce hardware security module (HSM) overcomes both these issues and results in a system capable of real-time analysis of user activity even when SSL security is enabled. The result is a FIPS- (Federal Information Processing Standard) certified security infrastructure that can block malicious zero-day and known attacks, without adding latency to the network and therefore harming the user experience.
“Financial institutions, government agencies, healthcare and other Fortune 5000 companies are looking to get more power and functionality out of every device in the datapath,” said Neil Osipuk, directing analyst, Infonetics Research. “Web application firewalls and SSL are vital and complementary components in enterprise security architectures; combining the two makes perfect sense. Stratum8’s ability to proactively detect and stop attacks in real-time, coupled with nCipher’s FIPS-validated security and SSL acceleration hardware, allows organizations to protect their high-value Web applications while maintaining the integrity of SSL encrypted traffic with a single device.”
“Stratum8 have taken an innovative approach to protecting an organization’s Web infrastructure in the important area of application protection and intrusion prevention. They provide another clear example of the fact that a variety of networking devices from content caches to load balancers and firewalls now find it necessary to “unlock’ SSL encrypted traffic in order to provide maximum value,” said Nicko van Someren, Chief Technology Officer for nCipher. “However, this capability results in these devices becoming potential points of attack and as a result they need to be trustworthy. We are pleased that Stratum8 has selected nCipher hardware to help achieve this.”
The new APS solutions featuring nCipher technology are available immediately. Prices start at $30,000 per APS device (each device protects 5-10 web servers). Additional pricing and product information are available from the company’s website or by calling 408-830-2800.
About Stratum8 Networks
Stratum8 Networks, Inc. develops innovative security solutions that proactively protect enterprises from intrusion and damage at the Web application level, the fastest growing area of information system vulnerability. Stratum8’s products provide the highest available levels of application security with the fastest deployment and lowest total costs of ownership. The company’s flagship APS products are designed to protect web applications for large enterprises, financial institutions, healthcare companies, online retailers and service providers, and government organizations as part of a layered, security architecture. Founded in 2000, the company is headquartered in Sunnyvale, Calif. Stratum8 Networks is backed by BA Venture Partners, New Enterprise Associates, and other leading investors. www.stratum8.com
About nCipher
nCipher is redefining cryptographic security to protect points of risk across the enterprise—from network appliances to Web servers, to custom software applications and back-end databases. nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world’s leading organizations—from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy—rely on nCipher to deliver a sound e-security infrastructure. nCipher’s products are particularly well suited to organizations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers. nCipher is listed on the London Stock Exchange as a TechMARK 100 company (LSE:NCH) with offices in Cambridge, UK; Boston, New York, San Francisco, Dublin, Paris, Hamburg, Hong Kong and Tokyo. For more information on nCipher, visit www.ncipher.com.