Follow on Google News News By Tag * Cybersecurity Software * WebSphere security * PCI-DSS Compliance * Penetration Testing * SOA * BPIC * Middleware Security * More Tags... Industry News News By Place Country(s) Industry News
Follow on Google News | Evans Resource Group Releases 2008 – 2010 Interconnectivity Security Threat ReportNew report shows dramatic increase in the number of data breaches and attacks on the business process interconnectivity network layer, due to misconfiguration and lack of administrative hardening.
By: Evans Resource Group The report summarizes that the historical result of deploying interconnectivity products such as IBM’s WebSphere Message Queue (WMQ) and Enterprise Service Bus (ESB), formerly known as WebSphere/Neon Message Broker in an “out-of-the- “Data security compliance is becoming increasingly more stringent and important with internet- based applications spanning industries and geographies” The BPIC layer acts as glue that binds different databases and programs on different computers, enabling multiple applications to work together in harmony. Trillions of dollars of transaction value flow weekly through this network layer and if the layer experiences any performance problems or hacks, it can wreak havoc across an organization’ “Our research and findings have uncovered a pervasive vulnerability associated with the installation and maintenance of BPIC products, including IBM’s WebSphere Application Server (WAS) and WMQ which can lead to unauthorized administrative access, a critical infrastructure vulnerability that allows hackers to own the system, “ said Ali Valdez, Vice President of Operations at Evans Resource Group. “In fact, nearly 90% of the penetration testing we’ve done has revealed access control vulnerability within the business process interconnectivity layer not just the network perimeter.” Among the report’s key findings: Nearly 90% of interconnectivity environments tested by Evans Resource Group are not administratively hardened with strong administrative passwords, leaving internal systems wide-open for hackers to gain unauthorized administrative access. Misconfiguration is now one of the top 10 breach vectors according to the Open Web Application Security Project (OWASP) BPIC misconfiguration has resulted in numerous high-notoriety attacks including the Hannaford and Heartland breaches. The BPIC layer is a prime target for hackers Perimeter security is not the same as interconnectivity security A free copy of the full report is available for download at: http://www.evansresourcegroup.com/ About Evans Resource Group, Inc. New York-based Evans Resource Group (ERG) is a global leader in Service Oriented Architecture (SOA) and Business Process Interconnectivity (BPIC) security. Our patent-pending testing, mapping and monitoring software offerings combine with our expert assessment and remediation consulting services to provide a comprehensive and holistic approach to an area of the network that is overwhelmingly lacking in security; the business process interconnectivity space. We specialize in BPIC and SOA applications and providing solutions for data security and IT governance in the government and commercial sectors. As a trusted IBM business partner and IBM WebSphere MQ specialists, we provide all levels of critical BPIC infrastructure security consulting. ERG offers a modular and sequential set of consulting offerings, including our flagship penetration- All company, brand, and product names referenced herein may be trademarks or registered trademarks of their respective owners. # # # With satellite offices throughout New England, Connecticut- End
Account Email Address Account Phone Number Disclaimer Report Abuse
|
|