Service-based security

[InfoSec News <isn () C4I ORG>]

http://www.infoworld.com/articles/hn/xml/00/06/14/000614hnsecurity.xml

Published at: Wednesday, Jun. 14, 2000 8:30 am PT

By Brian Fonseca

ALTHOUGH VIRUS AND worm protection typically grab most of the
attention in today's security landscape, a pair of security companies
burst onto the scene this week hoping to prove that online
vulnerability-scanning and services also have a huge role to play in
safeguarding an organization's key assets.

Newly launched EsecurityOnline.com and Vigilante.com seek to manage
and implement security around a company's perimeter through the click
of a browser. By taking a strict, customized approach to assessing a
network, these security companies target and identify technical
vulnerabilities and offer the information and means to correct those
flaws, company officials said.

Through its Online Vulnerability Service, Ernst & Young venture
eSecurityOnline.com keeps its customers "in the loop" by providing
constant vulnerability and security updates specifically identified as
important to their business and infrastructure, said
eSecurityOnline.com CEO Jon Darbyshire.

The service monitors and researches various security-related
information and news on a daily basis, freeing up a company's security
or network administrator to shift attention toward more pressing
matters, said Ron Friedman, an eSecurityOnline.com customer and vice
president of Information Assurance at Annapolis, Md.-based
USInternetworking.

"The viruses tend to get the most play in the public eye, but the
things that keep me awake at night are vulnerabilities inherent in the
OS we are deploying," Friedman said. "There are so many alerts and
advisories out there, it was taking too much resources from my group.
[Through EsecurityOnline.com,] I'm not running the risks that may not
pertain to us."

Within 24 hours of a vulnerability's identification,
eSecurityOnline.com's security bulletin issues alerts based on
priority, highlighting its description, how it may impact the
environment, how it can be fixed, its patch location, and links to
receive more information about it.

Friedman said early warnings come in handy even if fixes aren't
readily available, at least giving his staff time to configure its
intrusion detection resources to help protect against the
vulnerability.

In the coming months, EsecurityOnline.com plans to offer a Virus Alert
Subscription Service supported by anti-virus vendor Network
Associates, Darbyshire said.

Vigilante.com brings its three-year European presence and new address
to the United States this week, accentuated by its flagship security
assessment product, SecureScan.

SecureScan uses scanning software to measure security on a customer's
Web site by continuously testing routers, Web servers, FTP servers,
mail servers, application servers, and other IP-centric network
devices, said Ulf Munkedal, president and chief operating officer of
Vigilante.com. A report issued by the service details the origins and
whereabouts of the vulnerabilities and a suggested course of remedy.

The Web service does not offer alerts to customers. Munkedal said the
SecureScan database is updated weekly. The company also provides
security consultation.

SecureScan can be purchased as an ongoing subscription or one-time
purchase. Pricing was unavailable.

The eSecurityOnline.com Online Vulnerability Service is being offered
on a tiered pricing schedule, based on the number of users.

ESecurityOnline, in Kansas City, Mo., is at www.esecurityonline.com .
Vigilante Inc., in Long Island, N.Y.,
is at www.vigilante.com .

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".