Experts agree that Web Services (XML, SOAP) have already reopened 70% of the attack paths against Internet connected systems that were closed by network firewalls in the 1990s.

Web Services are specifically designed to tunnel through firewalls using the HTTP or HTTPS protocol.  Web Services are beyond the control of the security administrator and cannot be inspected by content security scanners.  All data attached to a Web Service is encapsulated within the XML request/response and is out of the reach of traditional content inspection.

Virtually every software application is Web Services enabled - plus thousands of “free” webservices such as chat, webmail and file exchange - and many people are using Web Services without being aware, for example with Microsoft Office applications and RSS Feeds.

XmlRAY inspects all inbound and outbound XML traffic according to the policies set by the security administrator.  The policies are based on the sender, recipient, attached data type, keyword search, request methods and other criteria.  All actions are centrally logged and data attachments, such as executables, are forwarded to the appropriate content security devices such as Antivirus or an authentication proxy.  If the XML request and the data attachements conform with the security policies, the request and data are sent to their destination.

Features of Microdasys XmlRAY include

• Policy based inspection of all inbound and outbound Web Services
• Interfaces with ICAP enabled content security scanners for Antivirus protection and content inspection
• Auto WSDL feature identifies XML requests and creates a WSDL file if none is present
• Web Services are vertically categorised for quick and easy creation of global acess and action policies
• Easily integrates with Microdasys SCIP for the inspection of SSL encrypted XML requests
• Supports unlimited, multiple accounts with role-based, multi-admin administration