New BreachGate™ Application Security Appliance Employs Hybrid Analysis Technologies to Provide Unprecedented Protection of Web Applications

BreachGate Detect 1.5 Combines Behavioral and Signature-Based Analysis of Web Traffic to Protect Against Known Attacks as well as Zero-Day Application Attacks and Web Worms

San Francisco (RSA Conference, Booth #1608) – Feb. 15, 2005 – Breach Security Inc., an emerging leader in deployable application security solutions, today announced the upgrade of its BreachGate™ Detect application security appliance, which protects large corporate and commercial applications from attacks by human and automated intruders that can result in identity theft, information leakage, privacy and regulatory violations. BreachGate Detect enhances information security at the Web application layer by not only monitoring and controlling traffic as it enters the application, but also as it leaves the application.

BreachGate Detect’s improved Adaption™ Behavioral Learning technology now detects changes made to an application and automatically updates the application profile. This latest upgrade to the BreachGate Detect appliance also incorporates a new analysis engine combining behavior and signature-based analysis, correlating anomalous events with application layer signature detection to provide detailed information about known attacks, as well as protection against zero-day and worm-based attacks. BreachGate Detect further improves detection accuracy by employing ExitControl™, a unique method of analyzing and protecting what leaves the network. ExitControl enables refined analysis of the outcome of attacks thus eliminating extraneous attack attempts.

“Combining ease of deployment with protective capabilities and hybrid analysis technologies, BreachGate Detect raises the bar for Web application protection solutions,” said Victoria Fodale, research analyst at In-Stat. “Current Web application security solutions have a number of flaws and this solution addresses the challenges customers have had with previous technologies.”

By integrating and leveraging the blocking mechanisms of inline protective devices that already exist in an organization’s infrastructure, such as firewalls, intrusion prevention systems, etc., BreachGate Detect protects Web applications without requiring deployment of additional inline devices. Organizations are hesitant to deploy inline application firewalls and gateways due to the significant risk of a disruption to legitimate business transactions by false positives or misconfigurations. This hesitance, combined with a forced collaboration required in the deployment of any new inline devices between security, network operations, risk and application teams within very large organizations has been a major factor in the slow adoption of such inline products. BreachGate solves that problem with a pure security solution that leverages the network infrastructure already in place.

The market focus on application security has grown dramatically from 2004 to 2005, largely resulting from three key changes in the marketplace:

• Hackers have changed. Once commonly seen as young online adventurers out to enhance a blackhat reputation, hackers are now criminals, startlingly well organized and focused on financial gain. Applications are their target because, as Willie Sutton once said about banks, “that’s where the money is.” http://www.fbi.gov/libref/historic/famcases/sutton/sutton.htm
• There is a rapidly growing societal focus, particularly in the North American markets, on the importance of the protection of privacy, identity and the integrity of online transactions. As online transactions become a larger part of every company’s revenue facing strategy, the risk of loss of trust has a real and definable financial cost.
• As application development increasingly occurs in distributed groups, often around the globe, there is widespread recognition that while solid, security best practice coding is an imperative, it is impossible to meet the application deployment deadlines of important, revenue-generating applications by waiting for perfect, trusted code. The risk of a back door in an application, developed thousands of miles away and activated months later after deployment is a risk few companies can take.

“For Web sites that process private customer information, application security is a huge concern from both a regulatory compliance standpoint and the business impact it can have on customer loyalty and brand integrity,” said John Payne, chief executive officer for Breach Security. “BreachGate Detect offers a low-cost automated solution to protect Web applications against cybercriminals, zero-day attacks and worms without requiring an inline deployment or constant reconfiguration and technical efforts to keep the security device in synch with constantly changing applications.”
BreachGate Detect features ExitControl, a unique method of delivering not only “hacker facing” security but a focus on analyzing and protecting what leaves the network as well. This upgrade also adds new reporting capabilities, providing forensic disclosure analysis for reporting required by California SB 1386 and AB 1950, executive summaries and details about attacks, forensics, information leakage incidents, backdoor accesses or changes detected in the application.
BreachGate Detect 1.5 is available now and pricing starts at $29,000 USD. To add value to existing security products, BreachGate Detect is also available through OEM licensing arrangements.

About Breach Security, Inc.

Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach’s solutions are ideal for any organization’s regulatory compliance requirements for security.  Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.

# # #

Media Contacts:

Breach Security, Inc. U.S.

Dan Chmielewski, Principal
Madison Alexander PR, Inc.
dchm@madisonalexanderpr.com
(949) 231-2965