
Forum Systems: Presidio FTP Gateway for Managed File Transfer


DESCRIPTION

Forum Presidio is a Managed File Transfer (MFT) product that provides high-security, plug-and-play file transfer. With streaming OpenPGP security and FTP, sFTP, FTPs, HTTP, HTTPS and AS/2 protocol support and translation, Forum Presidio is the premier MFT product in the industry. It provides in-line FTP OpenPGP security with unlimited streaming encryption. User-defined keys map to FTP account credentials, allowing dynamic encryption based on each user. Seamless in-line deployment is transparent to existing clients and servers.


Managing & accelerating XML Web Services security

Defending Information – Across Time and Space

Information is the life-blood of a company’s business...however, a large percentage of today’s business documents lay unprotected within databases and file systems, are emailed without any sort of encryption or find their way to personnel with insufficient access privileges. Information privacy is a major concern as new methods of conducting business are adopted, such as peer-to-peer, store-and-forward and grid networks.

The extended enterprise is staring at a stark situation of intellectual property theft and uncontrolled information disclosure unless the necessary steps are taken to lock down all sensitive information – across time and space. Information self-defense systems are crucial to persistently protect data across its life-cycle – in-processing, in-transit as well as in-storage.

Forum Systems Inc. develops and markets Content Security Infrastructure that actively guards data as it moves between and within enterprises – at the origin, during transmission, and after it reaches its destination.

Forum Systems content security infrastructure addresses:

Trust Management – prevent unauthorized data access, spying, forgery and tampering
• Identity Authentication
• Message Confidentiality
• Access Control
• Payload Integrity

Threat Protection – protection against application and data misuse and abuse
• Intrusion Detection and Prevention
• Virus Detection
• Traffic Management
• Application Availability

www.forumsystems.com

FORUM PRESIDIO™ DATA SHEET: PGP gateway appliance

As more information moves between applications that are not in the immediate control of the originator, it becomes essential to guarantee that only the intended recipients are given appropriate access privileges to the information – wherever it resides. This means a document that is sent across to a trading partner needs to be sealed until the time of processing. Assurances need to be made that information is not only tamper-proof and confidential during transit but also upon arrival, in-storage and during processing.

Four Business Imperatives Driving Content Security

Prevent unauthorized information disclosure during collaborative activities

Collaborative applications using peer-to-peer, store-and-forward or grid networks expose business data to a new and extended group of users – in real-time and across corporate boundaries. Strict enforcement of document accessibility goes beyond access control and must include confidentiality across boundaries, auditing and accountability. Assurances need to be made that access to documents is constantly monitored against intrusions, attacks and other threats from trusted as well as un-trusted users.

Guard sensitive application interfaces & document workflows

Sweeping regulations (corporate and government) to protect the privacy of end-user and client information require enterprises to take ownership of information security across its lifecycle. All of the industry-specific regulations are focused on content security and policies that enforce information security across time and space. Assurances need to be made that information is, at minimum, persistently protected and that best practices for each of the regulations are systematically enforced.

Comply with government initiatives such as Federal E-SIGN law, eGov Strategies, HIPAA and Gramm-Leach-Bliley

Mobility through laptops and wireless devices can quickly lead to highly sensitive information lying unprotected on hard disks and data stores. Assurances need to be made that information is protected end-to-end and throughout its lifecycle.

Protect data on desktops, application servers, databases and mobile devices


Business document workflows are one of the weakest links in enterprise information security. A disgruntled worker or unauthorized contractor can readily duplicate, modify or steal business documents without any enterprise fail-safe mechanisms. In fact, a 2003 CSI / FBI security report stresses that security risks from internal threats are on the rise with consequences more lethal than external user hacking.

Many organizations are turning to PGP (Pretty Good Privacy) as a means to persistently protect their mission-critical enterprise documents because of its universality. PGP offers companies a standards-based approach to encrypting and digitally signing documents between business parties. It is becoming a de facto standard for secure content exchange, offering similar benefits to XML Encryption and S/MIME.

Unfortunately, today’s options for deploying PGP-enabled enterprise applications are anything but pretty – requiring the development of scripted programs using custom APIs. On top of tedious and repetitive PGP implementations, organizations are then charged exorbitant and recurring license fees for PGP technology that is freely available as open source.

Bottom line: Using PGP is costly and high maintenance – until Forum Presidio™


Document Lifecycle Protection

[Figure: Presidio™ deployed at company A with a standard FTP client and a standard FTP server. It transparently intercepts incoming & outgoing traffic and applies security policies. Functions shown: Authenticate, Policy Lookup, Encrypt, Decrypt, Key Gen, Sign / Verify, XML-WS Sec. Transports shown: ftp, ssl/tls, http.]

With Presidio, Forum Systems delivers the world’s first PGP in an Appliance solution that significantly reduces the Total Cost of Ownership by offering instant secure content exchanges between collaborative e-business applications.

Forum Presidio™ — Revolutionary Plug and Play Gateway Deployment

Presidio™ Gateway Appliance

• No special software required on client desktops or servers
• Works with existing FTP Clients and FTP Servers
• No client PGP encryption software required
• Integrated transport proxy support (FTP and SSL/TLS)


Presidio™ Business Benefits

Reduce Overall PGP Costs up to 80% versus Alternatives

• The Presidio™ is license free
• The Presidio™ is easy to manage and deploy
• The Presidio™ is API- and SDK-free
• The Presidio™ is script-free
• The Presidio™ includes a secure document exchange job scheduler

Future-Proof Migration to Web Services

• The Presidio™ includes XML Encryption / Decryption
• The Presidio™ includes XML Digital Signatures
• The Presidio™ includes SAML and other Web Services security functionality

Immediate Compliance with regulations including: GLB, HIPAA, SEC Books & Records, etc.

• The Presidio™ requires no custom application integration work
• The Presidio™ operates with any platform, including mainframes
• The Presidio™ provides transaction archiving for audit trails

Advanced Technology and Architecture

• Integrated PGP Key Management reduces IT costs and headaches
• Appliance is application-agnostic and requires no custom APIs or scripting
• Seamless upgrades to comprehensive XML-WS Security support
• Integrated transport protocols (FTP, HTTPS) streamline deployment
• Removes client-side software and moves IT toward zero end-user intervention

Start Defending All Your Information Today

The Presidio™ is the only secure content exchange solution that provides both PGP data encryption as well as XML Web Services security, allowing organizations to maintain their current EDI technology investments with a migration path to secure XML.

By supporting the full range of XML Web Services Security functionality (Digital Signatures, XML Encryption, SAML etc.), the Presidio is a future-proof security solution that bridges legacy data to XML-based Web Services.

Discover how Presidio can save your company time and money while preparing for the future at www.forumsystems.com


Presidio™ Technical Specifications

Server Side PGP Encryption Gateway
• Enforcing enterprise policy at the edge of the network automates the security process.
• Transparently intercepts messages for encryption and digital signatures.

Centralized PGP Key Management
• Key generation
• Key import / export
• Key deletion
• Key backup and recovery

Transport Protocol Support
• HTTP(S) Proxy with full client- and server-SSL mutual authentication.
• FTP Proxy with local and remote user authentication and access control policies.

Logging & Auditing
• XML as well as Non-XML Data Archiving to Oracle, IBM and MySQL.
• SysLog
• SNMP v2 and v3 with FORUM MIB

XML Security Processing
• Optionally process XML data using XML Web Services Security.
• Security Assertion Markup Language (SAML)
• WS-Security Digital Signatures
• XML Encryption Specification
• XML Validation and XSLT Transformation

PGP Algorithms and Interoperability
• RSA, DSA and Diffie-Hellman
• DES, 3DES, CAST-5
• Key size up to 4096
• IETF Standard OpenPGP RFC 2440

PGP Security Operations
• PGP Encryption / Decryption
• PGP Signature / Signature Verification

Access Control
• Local user authentication at the gateway
• Remote user authentication from the FTP server
• Can disable user@host syntax for tighter control
• LDAP integration

Local Authentication
• Bind keys to users
• Route users based on login to different back end FTP servers

IDP/DOS
• Configure the number of connections per listener
• Configure the timeout per connection