Securant Secures Web Applications - Product Announcement

ENT, Dec 13, 2000 by Christopher Mcconnell

One of the promises of Active Directory is unified permission setting across the networks. Securant Technologies, a provider of security solutions for Web applications, helps to deliver on that promise through the integration of its ClearTrust SecureControl 43 product with Active Directory.

"It uses Active Directory to manage users' account information," says Eric Olden, CTO at Securant. ClearTrust SecureControl 4.5 integrates with Active Directory to identify and manage users and permissions for Internet applications.

Securant says that Web-based applications are often a security soft spot. The company targets these applications to secure them from theft and intrusion by enforcing a log-on procedure. ClearTrust SecureControl authenticates users, determines their permissions, and controls access based on these permissions.

The Windows 2000 version of the software taps Active Directory for these functions, checking users against the Active Directory database, which also includes permissions information for the user.

In addition to access control features, ClearTrust SecureControl also monitors user activity, ensuring that users are not performing tasks that may intentionally or unintentionally compromise the security of the network. It also logs out users who have apparently abandoned their sessions. Finally, it keeps logs of sessions for security audits after the fact.

Securant began offering its solutions primarily to customers with Unix-based environments, but is finding NT to be a critical market. "With Windows 2000, we're finding more and more customers have Windows 2000 in their data centers," Olden says. Securant decided it was important for the company to cater to Windows systems.

"We began asking ourselves, 'How do we leverage, the Windows 2000 platform,"' Olden says. Securant's answer was to use AD as an information store for authenticating and protecting end users.

Despite its platform-centric features, ClearTrust SecureControl 4.5 is written entirely in Java, allowing it to run on any environment. This is particularly important in Web farms, which can contain a number of different operating systems.

"We're putting security in the drinking water," Olden says. Because many Web applications are home-grown, created by in-house or contract developers, Securant has also integrated with a number of development environments often used for creating Web applications. With this feature, developers can concentrate on adding functionality rather than worrying that their applications are completely secure.