Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Risk management products

From: Tony UcedaVélez <tonyuv () versprite com>
Date: Wed, 21 Feb 2007 00:31:05 -0500
You have to check out The Gideon Group's SecureFusion
(http://www.thegideongroup.com/securefusion-suite.asp) product.  Its been
used at top U.S banks, gov't dept, healthcare organizations, and even major
retail groups.  It uses agent less authenticated/ non-authenticated
techniques to perform policy gap analysis, configuration assessments,
control based risk assessments, wireless assessments, asset management,
compliance based assessments, and more.  In my first introduction to the
product, roughly 1.5 years ago, it went head to head with McAfee's Citadel,
Symantec's Compliance Center (old Bindview), and Cambia's risk assessment
product and won great reviews and ultimately a contract at the place of work
I was at (top 10 U.S bank).  The great thing about SecureFusion is that its
based up SOA, therefore it can integrate with any server/ device/ appliance
b/c its not platform dependent.  Its also module based so it fulfills a lot
of needs, as previously mentioned.  Preventsys is a great product, but it
relies completely on the capabilities of the underlying scanning component,
which is not all inclusive within the product.     

Hope this helps.

Tony UcedaVélez, CISA, GIAC
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv () versprite com
(web)   www.versprite.com
 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of offset
Sent: Friday, January 19, 2007 11:52 AM
To: security-basics () securityfocus com
Subject: Risk management products


Greetings and salutations,

I'd be interested in opinions regarding the various Risk
Management/Aggregation products/tools out there.

products such as:

Preventsys
Skybox

Any others that I am missing?

Looking for the following characteristics (high level):
* Ability to pull in raw data from many security tools
* Ability to normalize threats from many different sources
* Ability to add custom risk weightings by network, os, platform, etc.

-- 
offset () ubersecurity org
--
Got Tor?  Support anonymous Internet communication.  http://tor.eff.org/
Previous By Date Next
Previous By Thread Next

Current thread: