Sanctum's AppShield Achieves ICSA Labs Certification for Web Application Policy Enforcement
SANTA CLARA, CALIF. August 7, 2001 -
Sanctum, Inc., the established leader in Web application control and security
software, today announced that its flagship product, AppShield, is the first
security product to achieve Certification for Web Application Policy Enforcement
(WAPE) from ICSA Labs, a division of TruSecure Corporation. AppShield, which
provides 24/7, automatic protection against any manipulation of Web applications,
met-and in some cases exceeded-all WAPE Certification Criteria, as set by ICSA Labs.
"ICSA Labs Certification is the standard by which security vendors' products are
tested, that encompasses the majority of the Internet security products in the
market," said George Japak, vice president of ICSA Labs. "Within the application
security category, Sanctum's AppShield product met the stringent requirements
of certification."
AppShield is the first solution to provide eBusinesses and service providers
with continuous, autonomous protection against Web application attacks, such
as the widespread "Code Red" worm. AppShield secures Web sites by blocking,
logging and alerting administrators to any type of application manipulation
through the browser, enabling enterprises to focus developer resources
on new products and services rather than debugging and patching existing
applications.
"The effects of application security breaches are devastating, as evidenced
by the recent outbreak of the Code Red worm," said Izhar Bar-Gad, CTO of Sanctum.
"Until companies invest in a complete Web application security solution, they
will continue to be plagued by destructive breaches of similar magnitude
to the Code Red worm. The ICSA Labs Certification validates what Sanctum
has already proven to its growing customer base-if AppShield is installed,
businesses can be sure their Web site and core data will not be perverted
by intruders."
To achieve ICSA Labs Certification for WAPE, Sanctum's AppShield met
the requirements for: Required Security Enforcement Policy, Logging,
Documentation and Administration.
- Sanctum is the first company to satisfy the requirements for Required
Security Enforcement Policy by detecting and preventing all ten types
of Web application breaches, including: hidden manipulation,
cookie poisoning, application buffer overflow, stealth commanding,
parameter tampering, cross site scripting, forceful browsing, backdoor
and debug options, third party misconfigurations and known vulnerabilities.
- In the case of Logging, the AppShield Management Console provides the
capability to monitor logs real-time for successful and unsuccessful attacks
and enables multiple users to view logs simultaneously.
- In the case of Documentation & Administration, Sanctum provides the required
elements of support for installation, configuration of the
Required Security Enforcement Policy and ongoing product maintenance.
About TruSecure Corporation & ICSA Labs
TruSecure provides global 10,000 companies with comprehensive enterprise risk
management programs that assure the ongoing security of their critical systems
and information. By integrating disparate security products and processes
into a comprehensive risk management program, TruSecure helps hundreds
of companies achieve greater risk reduction at lower cost. TruSecure's ICSA Labs
is the security industry's central authority for product standards and testing,
and today certifies more than 95% of the market's anti-virus software,
network firewalls, cryptography and IPSec products. Based in Reston, VA, TruSecure
Corporation is privately-held with investors including J. & W. Seligman & Co.,
J.P. Morgan Partners, Weston Presidio Capital, Greylock and WaldenVC.
About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software
solutions provide automatic enforcement of intended business processes, ensuring
the protection of core information and data. By detecting and defending against
any unauthorized behavior, Sanctum protects customers against malicious
cybercriminal activity-from theft of intellectual property and customer
data, to e-commerce fraud and Web site defacement-even if a site has unknown
security holes or flaws. Sanctum's solutions complete a company's security
infrastructure, assure regulatory compliance, and create sustainable ROI.
Sanctum's customers include industry leaders in finance, retailing, healthcare,
government and telecommunications. Privately held, Sanctum is funded
by blue-chip venture capital firms and industry leaders including
Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures,
First Union eVentures Group, Mofet Israel Technology Fund and Walden Israel.
For more information, visit www.SanctumInc.com
or contact the Company directly at (408) 352-2000.
# # #
AppScan and AppShield are trademarks of Sanctum, Inc. All other product
names referenced are the property of their respective owners and
are hereby acknowledged.
For Immediate Release
Contact:
Sue Fliess
Sanctum, Inc.
(408) 352-2000
[email protected]
Drea Garrison or Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]
|