Breach Security Prevents Web Site Attacks, Defacements and Privacy Violations with BreachGate™ Sitegrity

Security Appliance Assures the Integrity of Government and Corporate Web Presence; Prevents Privacy Violations and Identity Theft with Unique ExitControl Technology

CARLSBAD, Calif. – Feb. 8, 2005 – Breach Security Inc., an emerging leader in deployable application security solutions, today announced the availability of BreachGate™ Sitegrity, a unique Web application security appliance that protects the global Web presence of large corporations and the government from malicious defacement, intrusions and hacker-induced information leakage. Part of the BreachGate product line of application security products, Sitegrity is widely used by government agencies and large corporations.

Hackers have proven they can gain access to even the best protected corporate and government Web servers. Conventional security solutions were designed to detect and prevent attacks from trespassing across the organization’s network perimeter, but do not offer a remedy in cases where the attack originated from within the perimeter or launched through deliberately open ports in firewalls that serve key applications. Additionally, most solutions do not limit the public damage if and when hackers get in – a highly probable event. As most solutions do not address the inherent security risk involved in software outsourcing and the potential of information leakage as it relates to privacy regulations, organizations are scrambling to find a technology solution to ensure the integrity of their Web site.

In response, BreachGate Sitegrity closes this dangerous gap by ensuring that only authentic, original data leaves the organizations’ Web server. The key ingredient that makes Sitegrity unique is ExitControl™, a powerful technology that authenticates and evaluates the application stream as it leaves the network. In many cases ExitControl not only identifies and blocks unauthentic and potentially damaging material before it leaves the network, but also substitutes authentic, non-manipulated content to assure business continuance and delivery to the customer – even in the middle of a security penetration.

Corporations and government agencies provide vital, often time-sensitive and private information services to meet the needs of their customers. With Breach Security’s Sitegrity product, customers have the added confidence that the vital information delivered to users is authentic and correct, and assure authenticated delivery even during security incidents. Sitegrity also enforces policy controls for who is authorized to post new content to the web server, protecting customers from the internal threat as well as external attacks.

Examples of security intrusions where organizations risk brand damage, business interruption, financial exposure and even regulatory offenses from site manipulation, embedded Trojans and other human and automated intruders include:

• Defacement of large government, military or corporate Web sites, either as a practical joke, a statement of political activism or an attempt at financial extortion, events that occur every day. For example, a state tax web site supplies an address for users to mail their tax checks. Simply changing two digits of the post office box number can send all checks to wrong place. The cost of such a breach – in actual dollars and damaged reputation – would be staggering.
• Hackers deploying malicious malware such as the recent Bofra worm, which can attack innocent visitors to a usually “safe” site. In one recent case, hackers penetrated a site that serves banner advertisements to many European customers. As a result, the Bofra worm was introduced and took control of the computers of thousands of Internet users after they merely browsed a normally safe site.
• In a similar attack, the Santy worm used Google, AOL and Yahoo! search engines to find pages coded with vulnerable PHP Bulletin Board (phpBB) software. The worm erased the original Web site content and instead displayed its own text.

Whether the loss is political embarrassment, millions of dollars in revenue or the prospect of an unwanted regulatory visit and very public disclosure of an organization’s inability to protect its customer’s private information, that cost is too high. Sitegrity, with its powerful ExitControl™ feature, stops every single one of these intrusions in its tracks, while guaranteeing continued service to users in the process.

“ExitControl is a powerful tool in the battle against the new breeds of propagating worms such as Bofra,” said Kevin Overcash, vice president of product management for Breach Security. “And as attacks get more targeted and are perpetrated by professional thieves rather than hobbyists and teenagers, more serious protection is required.”

BreachGate Sitegrity is available in several models designed to accommodate a full range of Web server protection performance needs. Prices start at $29,000 and these high-performance, reliable appliances are scalable to the needs of very large organizations and government agencies.

About Breach Security, Inc.

Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach’s solutions are ideal for any organization’s regulatory compliance requirements for security.  Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.

# # #

Media Contacts:

Breach Security, Inc. U.S.

Dan Chmielewski, Principal
Madison Alexander PR, Inc.
dchm@madisonalexanderpr.com
(949) 231-2965