Security overload?

Vendors market Web application and Web services firewalls to shore up the shortcomings of conventional firewalls. But are the product sets sufficiently distinct that an organization could justify having both?

Eventually, a single product will handle Web application and Web services chores, said Bob Walters, president and chief executive officer at Teros. But that hasn't happened yet. "There is so much specialization involved in really doing a good job of protecting Web applications and protecting Web services that there is no vendor that does a good job at both."

Just the same, vendors already hint at future firewall convergence.

NetContinuum, for example, includes Forum Systems' XWall Web services firewall software inside its NC-1000 Application Security Gateway Web Services Edition. "So, we do believe there will be some convergence," said Wes Swenson, chief executive officer of Forum Systems.

At Kavado, the company's Web application firewall includes a module that covers Web services' simple object access protocol. Still, Vik Desai, Kavado's chief executive officer, believes his product complements Web service firewalls.

"The [Web services] firewalls out there are looking for different types of things than we would at the application layer," Desai said.

Meanwhile, firewall and intrusion detection system vendors, such as Cisco Systems, aim to bolster application-level security. In February, Cisco unveiled Cisco IPS Version 5.0 and Cisco IOS Software Release 12.3(14)T.

Those offerings provide improved application inspection capabilities and application security for port-80 control and misuse, according to the company.