Layer 7 adds clustering support to XML firewall

With IBM Corp recently acquiring XML appliance rival DataPower, Layer 7 Technologies Inc is responding by trying to technically leapfrog the competition. Layer 7 is adding clustering support to its XML gateway, which should strengthen enforcement of security policy.

Layer 7’s new version 3.5 operating system for its SecureSpan adds new cluster policy and session maintenance features.

Layer 7’s products offload process-intensive XML functions such as parsing, security policy, and access control enforcement. Traditionally, if you wanted to add more firepower, you would have had to apply load balancing outside the gateway to manage traffic.

The drawback of that approach, according to Layer 7 vice president of marketing Dimitri Sirota is that policy enforcement and session control is not automatically applied to each device. Instead, you have to manually configure or reconfigure the devices to run the current policy. Layer 7’s latest release automatically replicates policy when its devices are clustered.

Another challenge with clustered gateway appliances is tracking session state. That is critical for defending against so-called replay attacks, which attempt to pierce the perimeter through multiple repeat sessions that resemble denial of service attacks. With Layer 7’s new clustering support, sessions are tracked centrally, thereby undercutting potential intrusions.

A byproduct of the clustering support is implied failover. Because policy and sessions are managed centrally, when one device goes down, routine gateway functions continue.

Layer 7’s new 3.5 Security operating system with clustering support is available now.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing