SecureSpan Solution for Insurance Solutions

The SecureSpan Solution for Insurance offers: Drive Partner-based Revenues Securely sharing your applications via Web services improves transparency, communication and collaboration, making it easier for partners to do business with you rather than your competition. Cost-effective Self Service Securely incorporate your customer portal into your SOA, creating a self service solution that is responsive to customer needs, while ensuring your backend systems and sensitive customer data remain protected. Some of our Insurance customers include:

Securely e extend your SOA to resellers & customers, reducing the barriers to doing business and streamlining self service
SecureSpan SOA Gateway selectively exposes your applications in a secure manner to customers & partners resulting in agile, cost-effective interactions cost Increase Revenue Potential
Making it easier for partners to do business with you is fundamental to growing revenues. aking But while a third-party system like IVANS is an effective way of connecting with your hile brokers, what about resellers that dont need to remain at arms length, such as travel agents, other insurers, banks, or credit card companies? Extending your SOA to resellers xtending would allow them access to your in-house systems and applications, reducing the barriers to applications doing business by streamlining processes across company boundaries. But this raises concerns around security and data confidentiality. The Layer 7 SecureSpan SOA Gateway has been deployed at a number of Fortune 500 he eployed companies to address their security and privacy concerns, gating user access according to , their entitlement and monitoring/actioning policy compliance to ensure all entitlements, communications between external users and back end systems is secure. A Web services back-end secure approach a allows qualified partners access to your back-end systems, increasing their end system efficiency, remov IT overhead associated with implementing and maintaining Web removing applications lications/portals, and enabling smoother business transactions between companies. companies

Flexible, Secure Self Service

Providing customers with the ability to self serve can significantly reduce yo cost of your business. But most customer self service systems are implemented as specialized Webself-service Web based portals that are integrated to back back-end systems using point oint-to-point integrations. Building out and maintaining such systems in response to customer demand takes time and deman can consume a large percentage of todays shrinking IT budget. A SOA-enabled portal can . SOA significantly improve the agility of your self service solution, but securely propagating identity credentials across the user-based Web and machine-based Web services can be a based complex undertaking undertaking. The Layer 7 SecureSpan SOA Gateway uniquely addresses both the service-side and service consumer consumer-side needs of SOA portal security. The Gateway can be configured against diverse Identity and Access Managem Management (IAM) products so you can leverage one or more of your existing policy decision points to make authentication and authorization decisions. Moreover the Gateway has the unique ability to flow session cookies generated inside a Moreover, Web Single Sign On ( (SSO) product to a Web services client. By bridging i identities between security domains in a SOA, Layer 7 can help you resolve identity federation problems; monitor and track your services across the distributed entity network, and coordinate security preferences across multiple domains in order to ensure across your Web services and sensitive customer data remain secure cure.

To learn more about Layer 7s latest release, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7.

Key Features
Identity and Message Level Security
Identity-based access to services and operations Manage security for crossdomain and B2B relationships Enforce Web services standards Secure WSDL, REST and POX interfaces Audit transactions Cryptography Transactional Integrity Protection Prevent XML attack and intrusion Integration with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell Enforce fine-grained entitlement decisions authored in an XACML PDP Credential chaining, credential remapping and support for federated identity Integrated STS/SAML issuer supports SAML 1.1/2.0 and Security Context Tokens Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs STS support through WS-Trust and WS-Federation Support for all major WS* and WS-I security protocols Selectively control access to interfaces down to an operation level Create on-the-fly composite WSDL views tailored to specific requestors Service look-up and publications using WSIL and UDDI Log message-level transaction information Spool log data to off-board data stores and management systems Optional onboard HSM and support for external HSMs (i.e., nCipher, Luna, etc) Support for elliptic curve cryptography (conforms to NSAs Suite B algorithms) FIPS 140-2 support in both hardware (Level 3) and software (Level 2) Configurable validation & filtering of HTTP headers, parameters and form data Detection of classified or dirty words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages Support for XML, SOAP, POX, AJAX, REST and other XML-based services Protect against identity spoofing and session hijacking cluster-wide Assure integrity of communication end-to-end Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language injection attacks; external entity attacks Protection against XML content tampering and viruses in SOAP attachments High speed message transformations based on internal or external XSLT High speed message validation against predefined external schema High speed message searching, element detection and content comparisons ASIC-based hardware accelerator can be optionally used to maximize message throughput and minimize processing latency Granular rate limiting and traffic shaping based on number of requests or service availability across a cluster Persist message counters across clusters so that rate limiting and traffic shaping can be strictly enforced in high availability configurations Prioritize XML traffic based on Class of Service/Quality of Service preferences Manage routing to back-end services based on availability or latency performance Compose inheritable policy statements from >100 pre-built policy assertions Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables

Threat Protection
Filter XML content for SOA, Web 2.0 and Cloud

XML Acceleration
Accelerated XML processing Optional hardware-based acceleration

Traffic Management
Throttling Cluster-wide counters CoS for XML Service availability management WS-Policy-based graphical policy editor & composer

Management / Administration

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.

 On-the-fly policy changes Global policy migration Headless operation Cluster-wide redundancy Create custom policies

Publish policies to popular registries for lifecycle management Service and operation level policies with inheritance for simplified administration Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers API-level access to administration SDK-level policy creation for simplified policy customization Polices can be updated live across clusters with no downtime required Manage policy migration across development, test, staging, and production environments, as well as mirror sites Control administration directly through SOAP and RMI APIs All appliance clusters operate in live active-active mode to ensure recovery from any single gateway failure New nodes in a cluster can be added without manual re-configuration All policy changes to a cluster can be made in real-time Migration of policies can be managed across mirror sites remotely Policy SDK allows for custom policy assertion creation using Java Active-active clusterable, dual power supply, mirrored hot-swappable drives, multi-core 1U server Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0 VMware/ESX (VM Ready certified) Amazon EC2 AMI

Form Factors
Hardware Software Virtual Appliance Cloud

Supported Standards
XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, IMAP4, X.509 Certificates, FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, HTTP/HTTPS, JMS, MQ Series, Tibco EMS, Raw TCP, FTP/FTPS, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WSAddressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF

The SecureSpan Solution for Insurance is supported on all hardware, VMware, cloud and software versions of Layer 7s SecureSpan appliances. To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7.

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.