Evans Resource Group Releases 2008 – 2010 Interconnectivity Security Threat Report
New report shows dramatic increase in the number of data breaches and attacks on the business process interconnectivity network layer due to misconfiguration and lack of administrative hardening.
Online PR News – 11-March-2012 – NEW YORK, NY – Evans Resource Group, Inc., a leading security testing and consulting company that specializes in Service Oriented Architecture (SOA) and Business Process Interconnectivity (BPIC) security, has released its inaugural 2008-2010 Interconnectivity Security Threat Report, which shows a dramatic increase in the number of data breaches and attacks on the business process interconnectivity network layer, due to misconfiguration and lack of administrative hardening.
The report finds that deploying interconnectivity products such as IBM’s WebSphere Message Queue (WMQ) and Enterprise Service Bus (ESB), formerly known as WebSphere/Neon Message Broker, in an “out-of-the-box” manner, without properly configuring security parameters, has historically led to increased Distributed Denial of Service (DDoS) attacks, malware insertion, and remote code execution.
“Data security compliance is becoming increasingly more stringent and important with internet-based applications spanning industries and geographies,” said M. Ariel Evans, Managing Director of Security and Response for Evans Resource Group. “The data security triad of confidentiality, integrity, and accessibility crosses all regulatory boundaries including the Healthcare Insurance Portability & Accountability Act (HIPAA), the Sarbanes Oxley Act (SOX), EU Data Directive and the Payment Card Industry Data Security Standard.”
The BPIC layer acts as glue that binds different databases and programs on different computers, enabling multiple applications to work together in harmony. Trillions of dollars of transaction value flow weekly through this network layer, and if the layer experiences any performance problems or hacks, it can wreak havoc across an organization’s entire network – resulting in compromised data security, insertion of rogue data, interrupted workflows of transactions, expensive downtime via DDoS, and possible legal action where business partners are impacted.
“Our research and findings have uncovered a pervasive vulnerability associated with the installation and maintenance of BPIC products, including IBM’s WebSphere Application Server (WAS) and WMQ, which can lead to unauthorized administrative access, a critical infrastructure vulnerability that allows hackers to own the system,” said Ali Valdez, Vice President of Operations at Evans Resource Group. “In fact, nearly 90% of the penetration testing we’ve done has revealed access control vulnerability within the business process interconnectivity layer, not just the network perimeter.”
Among the report’s key findings:
A free copy of the full report is available for download at:
About Evans Resource Group, Inc.
All company, brand, and product names referenced herein may be trademarks or registered trademarks of their respective owners.