Ernst & Young Expands Online Security Service

[William Knowles <wk () C4I ORG>]

[Sure it sounds like a story developed from a press release, But I
know there are plenty of competitive intelligence professionals with
various infosec companies on this list that really dig this kind of
information. Personally it sounds like they are selling the service of
someone reading ISN and BUGTRAQ and others all day, Trimming out
noise and selling the signal. -WK]

http://www.techweb.com/wire/story/TWB20000607S0011

By David Drucker , InternetWeek
Jun 7, 2000 (12:38 PM)

Ernst & Young this month is expanding an online service,
eSecurityOnline.com, that's designed to make it easier for managers to
set up and maintain network security. The service gives IT managers
information on how to configure systems for optimum security; profiles
of the vulnerabilities of specific hardware and software and details
on how to fix them; and notifications of new vulnerabilities and
viruses. It evolved from a security service E&Y has been providing to
clients.

New to the service is a knowledge base of best practices -- culled
from Ernst & Young's security-consulting services -- for configuring
Web servers, routers, firewalls, operating systems and other
technology. Managers input details on hardware and software they're
using and receive security-related advice.

Managers can identify aspects of their network that affect security
but are often overlooked, such as ports, default IDs, and password and
naming conventions, said eSecurityOnline vice president Tony Spinelli.

"An IT manager typically knows how to set up a product for performance
and scalability, but can overlook many security risks," he said.

A premium service, which has been available through subscription,
gives managers a listing of known security vulnerabilities of their
hardware and software. The listings include ratings of the risk,
recommended procedures for remedying the problems, links to patches
and other vendor fixes, and recommendations for how best to implement
them. E-mail alerts notify IT managers of newly discovered
vulnerabilities.

The service is designed to alleviate the need for managers to
constantly search for the latest vulnerabilities, Spinelli said.

Ernst & Young recently partnered with Network Associates (stock: NETA)
to include Network's virus notifications in the basic service. The
service will filter notifications so managers are only alerted to
viruses that pose a threat to their network environment.

The basic service will be available later this month; pricing is not
yet determined. The vulnerability service, available now, is priced
starting at $5,000 per annual single-user license.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".