Patented and FIPS 140-2 Certified Security Gateway for REST, XML, SOA, Cloud, and Mobile Computing API

FORUM SENTRY SECURITY GATEWAY

XML Gateway | Mobile Gateway | SOA Gateway | API Gateway | FTP Gateway | Identity Gateway

 

 

 

free download

The evolution of modern network traffic has converged around standards-based application level messaging patterns. The boundaries of integration partners extend beyond the corporate network to the internet and the cloud. Service-Oriented Architectures enable companies to expose services based on technologies such as REST, JSON, XML, and SOAP to dynamically integrate their business processes and IT systems using these standards-based specifications. Security for this type of data is different from any other network technology component as it requires deep content inspection and actual document parsing.

Forum Systems has been a global leader in the industry for over 10 years. Forum Sentry processes and secures more than 10 billion transactions worldwide each day. Packed with more than 100 industry protocol and messaging standards, Forum Sentry provides out-of-the box capabilities that dramatically reduce projects time-to-market and significantly reduce the cost and complexity of centralizing security, identity, and governance. Forum Sentry provides FIPS 140-2 level security and has been independently certified by NIST, DoD, US Treasury, and holds the industry's only Patent for cryptographic acceleration of security processing.

 

Request a trial

The Forum Sentry Technology Architecture

See more product details See more product details

The Forum Sentry Technology Architecture has been purpose-built for in-line gateway processing of network traffic flows across a wide variety of protocols and data message formats. The capabilities of the Forum Sentry Security Gateway enable policy based configuration of traffic flows that are terminated and initiated through the gateway. These traffic flows can be enacted upon with the 4 primary aspects of the Forum Sentry Gateway policies which are security, identity, governance, and workflow mediation. With the extensive list of on-board standards-based and native vendor specific protocols and message formats, the Forum Sentry Security Gateway is capable of performing the functions of an XML Gateway, a Mobile Gateway, a SOA Gateway, an Identity Gateway, and an FTP Gateway. The modules described below detail the various components of the product solution which can be selectively deployed and utilized to accomplish the business transaction flows and mediated, secured APIs.


Forum Sentry Ubiquitous Gateway Technology for XML, Mobile, SOA, Identity, and FTP Gateway functionality is listed below. Functionality applicable for Identity Gateway module features are color highlighed.

LISTENER AND REMOTE COMMUNICATION POLICIES

  • HTTP/HTTPS
  • FTP/FTPS
  • SMTP/SMTPS
  • SFTP
  • IBM MQ, Tibco EMS, Weblogic JMS, Sun JMS, JBOSS JMS, ActiveMQ, RabbitMQ
  • AMQP
  • SSL/TLS
  • 1-Way and 2-way SSL. PKI Key types: RSA, DSA, and ECC with key sizes up to 4096. Patented PKI cryptographic acceleration.
  • Protocol mixing across all supported protocols - any format in <=> any format out
  • Synchronous and Asynchronous scenarios
  • Accelerated SSL-Termination and SSL-Initiation
  • Secure SSL/TLS Offloading and Conversion to Standard TCP Connections

AUTHENTICATION AND AUTHORIZATION

  • HTTP Authentication: Basic Auth, Form Post Auth, Digest Auth, Cookie Auth, NTLM Auth, Kerberos/SPNEGO Auth
  • SSL X.509 Mutual Authentication (2-way SSL)
  • SAML Auth, IdP-Initiated SAML, SP-Initiated SAML
  • WS-UsernameToken, WS-X.509, WS-Kerberos, WS-SAML)
  • DSIG Auth
  • Custom Value Auth
  • Mobile Device Tokens
  • OAuth
  • XACML
  • Active Directory, ADFS, LDAP, CA Sitemdinder, IBM Tivoli, Oracle AM, RSA SecureID, RSA-ClearTrust, HP SelectAccess, OpenSSO, Kerberos KDC, Oracle CoreID
  • FTP User Authentication
  • Network and Message level Access Control
  • OpenPGP Keys associated per user account

DATA-LEVEL SECURITY POLICIES

  • WSDL Service, Port, Operation and URI filtering
  • Content filtering using XPath and regular expressions
  • Digital Signatures and Encryption
  • XSD Schema Validation, JSON Schema Validation, Schema Tightening
  • FTP OpenPGP streaming encryption and decryption
  • FTP OpenPGP signatures and signature verification
  • Antivirus scanning of body, attachment, and embedded BASE64
  • Intrusion Detection and Prevention of XML, HTML, JSON, REST, and SOAP threats
  • Protection against OWASP Top 10
  • Protection against NIST Web Services Vulnerabilities
  • Selective content analysis

TASK PROCESSING MEDIATION WORKFLOW ENGINE

  • Conditional logic
  • Content conversion, mediation, mapping
  • In-line conversion of XML, SOAP, JSON, and CRUD REST
  • Archiving
  • Selective Database Stateful Caching
  • Comprehensive implementation of OASIS messaging, security, and identity standards
  • Regular Expression Pattern Matching
  • Selective Decoding, Decryption, Signing, Encryption
  • Map To and Map From features across Protocol Headers, X.509 Attributes, User Attributes, Transaction Aspects, XML Values, 3rd party service calls
  • Custom Logging

RUNTIME GOVERNANCE AND FLOW CONTROL

  • Service SLA Metering and Enforcement
  • Payload and Message Size Based Enforcement
  • Rate-Based Enforcement
  • Per User, Per Consumer, Per Group Metering and Enforcement
  • Drill-down Latency Metrics across Transaction Policies

KEY MANAGEMENT AND SECURE KEY STORAGE

  • RSA, DSA, ECC, OpenPFP, and SSH Keys
  • FIPS 140-2 Key Storage
  • FIPS 140-2 Encrypted Policy Storage and Transfer
  • Key Generation, Key Import, CSR Signing, Signed CSR Association
  • Centralized Key Management. Policies Derive by reference enabling only single instances of Key Policy definitions
  • Key Expiry Alerts
  • DoD-PKI Certified
  • X.509 CRL Revocation Checking

WEB-BASED ADMINISTRATION, GLOBAL DEVICE MANAGEMENT

  • Secure, Web-Based Administration
  • Re-usable, Wizard-driven Policy Rules
  • Secure Policy Import/Export, both Full Config, and or Selected Transaction Policies and Dependencies
  • Secure Policy Promotion to Managed Sentry instances (hardware or software)
  • Audit logging with all Administration sessions and all administrative activities during session
  • Policy versioning and rollback
  • FIPS 140-2 Encrypted Policy Storage
  • Simultaneous multiple managed device policy promotion