Today's technology and market have evolved into two distinct segments. One is centered on networking and traditional perimeter security, and the other on applications and business functionality. The result is a significant separation, and wide variation in implementation, of critical security components across the layers of the OSI stack, with no consistent integration for security and business reporting. The internet has done a great job of standardizing network connectivity, but it does not address comprehensive security or business reporting. Each party implements these in its own way and/or relies on the other party for security. As a result, businesses are driven to private, application- or function-specific networks in order to guarantee security, reporting, and control. Combine this with the fact that telecommunications and network equipment companies are focused on selling bandwidth and equipment to earn a living, and one can quickly see why the market and technology are so fragmented.
The result today is that networked application security depends on several critical elements that are not consistently implemented or managed as an aggregated network or system for a shared participant environment. Multifunction networked security is therefore only as good as the worst combination (the weakest link) of implementation approaches, whether that link lies in one of the many applications using the network or in any element of the perimeter security applied at the network perimeter, at one of its segments, or within the applications using the network.
Current approaches to addressing these issues are focused on more complex versions of the same approaches. Examples include smarter perimeter devices such as XML firewalls, payload inspection routers, and devices focused on content-based filtering and routing. Users are forced to implement private dedicated networks that are application- or function-specific, point to point, and managed as islands of secure network infrastructure, where a key element of the security approach is to limit activity or users through single or centralized control. These approaches are costly and severely limit both the participants on the network and the networked applications. Examples include the many private and function-specific networks in banking today (Visa, ACH, ATM, Fed Wire, etc.), the traditional EDI implementations in which point-to-point connections are used for EDI transmission between two parties, and the many networks used in the securities, insurance, medical, legal, and educational business verticals that perform limited functions and have a restricted participant base. There is no current architecture that accomplishes security where disparate elements are implemented and enforced in a consistent manner, independent of the network transport provider and/or the applications attached to the network, and where each participant can maintain secure control of its own network activity (services) independent of others on the network. For example, the telecommunications companies are stuck in the private network business, with a slight move toward a managed VPN model, and the network equipment providers are focused on selling more equipment. There is a need for a managed network architecture that addresses these issues independent of the telecommunications provider and the network equipment provider.
A need exists for a network that addresses the shortcomings in the currently accepted implementation models for securing applications that run over any OSI-based network infrastructure, at both the network and application layers. By integrating comprehensive security and reporting elements across the OSI stack into a virtual secure network offering, one can arrive at a low-cost, secure, multifunction, broad-reach virtual network that addresses all of the elements needed to support a basic business contract on a shared multifunction network infrastructure, something not attainable with today's piecemeal and fragmented approaches.
No network exists today that combines the features of embedded comprehensive security, business reporting, low cost, flexibility, and governance that can be achieved with the invention. The invention supports any network protocol that is TCP-friendly, including streaming protocols, and also provides an architecture to secure the provisioning and use of web services over any network transport. The invention enables the creation of secure virtual network communities on any physical network, where comprehensive end-to-end security and business reporting are functions of network communications and apply to all network traffic. By combining this capability with various governance and implementation models, one can arrive at one or more network architecture offerings in which a network provider establishes an infrastructure that enables the creation of participant-driven and participant-managed secure virtual network communities for conducting secure and manageable communication over any physical network, including wired and wireless transmission mechanisms. This enables the creation of secure network communities of participants over existing private networks or over any public network such as the internet.