Securant Secures Web Applications

One of thepromises of Active Directory is unified permission setting across the networks.Securant Technologies, a provider of security solutions for Web applications,helps to deliver on that promise through the integration of its ClearTrustSecureControl 4.5 product with Active Directory.

“It usesActive Directory to manage users’ account information,” says Eric Olden, CTO atSecurant. ClearTrust SecureControl 4.5 integrates with Active Directory toidentify and manage users and permissions for Internet applications.

Securantsays that Web-based applications are often a security soft spot. The companytargets these applications to secure them from theft and intrusion by enforcinga log on procedure. ClearTrust SecureControl authenticates users, determinestheir permissions, and controls access based on these permissions.

The Windows2000 version of the software taps Active Directory for these functions,checking users against the Active Directory database, which also includespermissions information for the user.

In additionto access control features, ClearTrust SecureControl also monitors useractivity, ensuring that users are not performing task that may intentionally orunintentionally compromise the security of the network. It also logs out userswho have apparently abandoned their sessions. Finally, it keeps logs ofsessions for security audits after the fact.

Securantbegan offering its solutions primarily to customers with Unix-based environments,but is finding NT to be a critical market. “With Windows 2000, we’re findingmore and more customers have Windows 2000 in their data centers,” Olden says.Securant decided it was important for the company to cater to Windows systems,as well as Unix.

“We beganasking ourselves, ‘How do we leverage the Windows 2000 platform?’” Olden says.Securant’s answer was to use AD as an information store for authenticating andprotecting end users.

Despite itsplatform-centric features ClearTrust SecureControl 4.5 is written entirely inJava, allowing it to run on any environment. This is particularly important inWeb farms, which can contain a number of different operating systems, makingproprietary, platform-specific solutions unwieldy.

“We’reputting security in the drinking water,” Olden says. Because many Webapplications are home-grown, created by in-house or contract developers,Securant has also integrated with a number of development environments oftenused for creating Web applications. With this feature, developers canconcentrate on adding functionality rather than worrying that theirapplications are completely secure.

Securant Technologies Inc., San Francisco,