Reactivity Inc. this week emerged as the newest entrant into the secure Web services messaging field with the debut of its Reactivity Service Firewall, a drop-in software product that supports and routes XML-based messaging and other Web services protocols stacks.
Situated at the edge of an enterprise network, the bi-directional Reactivity Service Firewall ensures distributed application-to-application integration occurs without a hitch by performing validation, authorization, and authentication of messages carrying multiple transport protocols through a run-time engine, said Glenn Osaka, president of Belmont, Calif.-based Reactivity.
"We analyze messages on the fly and we assert access control, filtering, and routing to make sure that the message is coming from a valid party and it is authorized to do what it's supposed to do," said Osaka. "Some messages are low-risk while others you want to execute fine-grained filtering policies. So we intelligently figure how to process messages going through with the least effort."
Osaka said the product's Management Console is responsible for policy configuration and centralization, as well as supporting message monitoring, reporting, and audit logging functions of all messages and transactions across a network. Access control is granted by basing security decisions to be made based upon header and full message content.
The first release of Reactivity Service Firewall is currently available on Linux. A Sun Microsystems Inc. Solaris platform will be introduced in October, said Osaka.
Despite its market immaturity, Reactivity is following in the footsteps of fellow security startups Vordel and Forum Systems in efforts to convince customers that they must seek third-party assistance to add an element of security into their Web services application development projects, said Laura Koetzle, infrastructure research analyst at Cambridge, Mass.-based Forrester Research Inc.
"Sometimes security gets viewed as something that's in the way by an internal developer. They don't like to bake [security] into their applications," said Koetzle. "This is a way for insulating an enterprise against that kind of eventuality. It would certainly be a wise move for customers."
However, Koetzle said a few hurdles could hinder Reactivity's fledgling security pitch. In particular, she said that dubbing the product a "firewall" could confuse customers into categorizing Reactivity among traditional endline hardware devices sitting in a data path. Further down the road, she said this new breed of message routing security companies must overcome the challenge of associating certificates with services so that each service will feature a key pair for authorization on a physical machine running multiple Web services.
Reactivity Service Firewall development costs approximately US$50,000. Customers can also choose to deploy a number of firewalls with the Central Management Console. In those cases volume pricing will apply.