Sanctum's Web Application Security Software Provides Strategic Advantage to Quote.com
Company Profile
Founded in 1993 and officially launched on the Internet in 1994,
Quote.com was the first company to offer an Internet-based equity
research service. Quote.com provides Wall Street-quality content,
tools and transaction capabilities to independent investors, and
is the Internet's largest source of streaming quotes. Since December
1999, Quote.com has been part of the Lycos Network,
responsible for its Finance Channel.
Situation
Quote.com's customer portfolios contain sensitive data, such as credit
card details and facts about net personal worth. In addition, the
company's subscription model gives customers a choice of service levels.
While Quote.com then, as now, employed network-level security and
SSL encryption, it did not initially have in place a solution dedicated
to preventing hackers from maliciously altering or "perverting"
its Web applications. Although the company believed its security was,
at the time, state of the art, Quote.com realized the strategic
advantage it would gain by proactively implementing additional
security measures. The company decided to investigate new technology
that would protect its Web applications and prevent hackers from gaining
access to customer and corporate data or defrauding the company's
subscription service.
Business Solution
Quote.com had two options - spend the human capital to develop application
security solutions internally or turn to Sanctum, Inc. and its
AppShield software. An active system that monitors and responds to
any unusual or unauthorized behavior within a Web site, AppShield secures
sites by blocking any attempts at manipulation.
Benefits
Quote.com can now confidently promise customers that their most sensitive
information is completely secure, from transmission to storage. That
sense of security extends to the company's own digital assets as well. Today,
the company is able to dedicate its engineers to developing new products and
services rather than creating and troubleshooting security solutions.
AppShield allowed Quote.com to move to production rapidly, and performed reliably
at the levels the company expected. Sanctum's product support team worked
closely with Quote.com to ensure that the deployment went smoothly and
successfully.
The Case
Privacy and information security top the list of Internet users' concerns.
Enterprises have to worry about providing a safe haven for their customers'
private data as well as securing their own corporate information. Good
solutions exist for anti-virus protection at the desktop, data encryption
for transport and network-level security. However, none of these solutions
protect the Web application itself. Using the smallest hole in a site's code
as their entry point, hackers can steal corporate assets, alter buy/sell
transactions, access customer information, or deface and even disable Web
sites. This increasingly insidious form of hacking is called Web Application
Perversion.
Quote.com, a leading online investment resource, realized that they could
not assure their customers complete security as long as the threat of breaches
to their application code existed - both the code developed in house and
code purchased from third parties. In addition, they recognized the
strategic advantage of security to their success in the marketplace.
The company looked at the possibility of developing a solution in-house,
and realized that while application security is an easy business problem
to understand, it is an extremely hard problem to fix. Ultimately, Quote.com
deployed Sanctum's AppShield Web application security solution.
"Web application security can be addressed by manually patching applications,
but often by the time you find the holes, it's too late," says Kaj Pedersen,
Vice President of Engineering at Quote.com. "We wanted to be able to offer
our customers a completely secure repository for their mission-critical
data and not dedicate our engineers' time to finding and fixing weak
links in the code. AppShield does all the work of keeping our Web
site secure so that we are as confident in the safety of our
corporate information as our customers are with their personal records."
Falling Through The Holes
Quote.com's customers research, buy and sell stocks online, leaving valuable
information in their cyber portfolios. Credit card numbers, investment
details and even summaries of net worth are stored in Quote.com's files.
While this data is transmitted securely with encryption technology and
kept safe at the enterprise with network-level security measures, it was,
until recently, vulnerable to perversion by any determined hacker with a browser.
In addition to protecting customer data, Quote.com wanted to ensure that
its subscription model, which allows customers to select the level of
service best suited to their needs, was also totally secure and could
not be manipulated fraudulently.
After hearing about Sanctum's AppShield, Quote.com asked for a live
demonstration. Under the watchful eyes of Quote.com personnel, a Sanctum
employee, using widely known techniques, successfully hacked into a Quote.com
executive's account. Sanctum subsequently showed how AppShield could prevent
such intrusions.
"The AppShield demo clearly illustrated that the Achilles' heel of corporate
Web sites is the application," notes Pedersen. "Not only can we realize a
competitive advantage by using AppShield, but it is a true business enabler.
Assuring our customers that their information is safe from third-party
interference is a number one priority. Our customers' trust in our company
and brand is one of the most critical concerns we have."
Maintaining Focus on Functionality
AppShield runs around the clock, intelligently and autonomously securing
sites even if they generate content dynamically or continually launch new
applications. This reliability frees product engineers to concentrate on
development, without worrying about security requirements at the application level.
After six months of operation, AppShield has allowed Quote.com's engineers
to focus their attention on product utility. The company has been able to
move to production and execute applications and services more rapidly with
AppShield taking on the responsibility for application security.
"Our engineering teams are clearly benefiting from the ability to use
their creative energies on product functionality, and we're seeing the
results in quick turnaround time for development," adds Pedersen.
Easy, Reliable Deployment
With its ease of installation, AppShield keeps companies from experiencing
costly delays in implementation. Over a 10-day period, Quote.com was able to
do an evaluation of the product, load and test it in its in-house environment,
and deploy it in secure mode. Once up and running, AppShield performed at the
levels Quote.com was anticipating, handling the transaction volumes
without difficulty.
"Our employees got up to speed with AppShield very quickly," says Pedersen.
"The architecture lends itself to easy deployment, with only the usual
implementation and configuration requirements. And we've had no problems
maintaining business as usual since AppShield has been in place; it has
definitely exceeded our initial expectations."
Superior Support
Sanctum's product support team actively engages in helping customers
enjoy the full benefits of AppShield. Rather than simply troubleshooting
when problems arise, the team assists in all stages, from implementation
through utilization.
"The Sanctum support team really added value to our decision to
employ AppShield," adds Pedersen. "They believed in the product and
wanted us to succeed with its deployment. We gained a lot of confidence
from that relationship and can pass that trust on to our customers."
About Sanctum, Inc.
For More Information:
Sanctum, Inc.
2901 Tasman Drive, Suite 205
Santa Clara, CA 95054
Tel: (408) 352-2000
Fax: (408) 352-2001
E-mail: [email protected]
Web: www.sanctuminc.com
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc.
(formerly Perfecto Technologies) pioneered the market for Web application
security and control software. Sanctum's software works autonomously and
continuously to monitor how individuals interact with Web applications.
By detecting and defending against any unauthorized behavior, Sanctum prevents
Web application perversion, even if a site has unknown security holes or flaws.
Sanctum's customers include industry leaders in banking, retailing, finance,
government, and healthcare. Privately held, Sanctum is funded by blue-chip
venture capital firms and industry leaders, including Sequoia Capital,
Walden and Intel Corporation.