Information Security News mailing list archives
Service-based security
From: InfoSec News <isn () C4I ORG>
Date: Wed, 14 Jun 2000 10:50:11 -0500
http://www.infoworld.com/articles/hn/xml/00/06/14/000614hnsecurity.xml Published at: Wednesday, Jun. 14, 2000 8:30 am PT By Brian Fonseca ALTHOUGH VIRUS AND worm protection typically grab most of the attention in today's security landscape, a pair of security companies burst onto the scene this week hoping to prove that online vulnerability-scanning and services also have a huge role to play in safeguarding an organization's key assets. Newly launched EsecurityOnline.com and Vigilante.com seek to manage and implement security around a company's perimeter through the click of a browser. By taking a strict, customized approach to assessing a network, these security companies target and identify technical vulnerabilities and offer the information and means to correct those flaws, company officials said. Through its Online Vulnerability Service, Ernst & Young venture eSecurityOnline.com keeps its customers "in the loop" by providing constant vulnerability and security updates specifically identified as important to their business and infrastructure, said eSecurityOnline.com CEO Jon Darbyshire. The service monitors and researches various security-related information and news on a daily basis, freeing up a company's security or network administrator to shift attention toward more pressing matters, said Ron Friedman, an eSecurityOnline.com customer and vice president of Information Assurance at Annapolis, Md.-based USInternetworking. "The viruses tend to get the most play in the public eye, but the things that keep me awake at night are vulnerabilities inherent in the OS we are deploying," Friedman said. "There are so many alerts and advisories out there, it was taking too much resources from my group. [Through EsecurityOnline.com,] I'm not running the risks that may not pertain to us." Within 24 hours of a vulnerability's identification, eSecurityOnline.com's security bulletin issues alerts based on priority, highlighting its description, how it may impact the environment, how it can be fixed, its patch location, and links to receive more information about it. Friedman said early warnings come in handy even if fixes aren't readily available, at least giving his staff time to configure its intrusion detection resources to help protect against the vulnerability. In the coming months, EsecurityOnline.com plans to offer a Virus Alert Subscription Service supported by anti-virus vendor Network Associates, Darbyshire said. Vigilante.com brings its three-year European presence and new address to the United States this week, accentuated by its flagship security assessment product, SecureScan. SecureScan uses scanning software to measure security on a customer's Web site by continuously testing routers, Web servers, FTP servers, mail servers, application servers, and other IP-centric network devices, said Ulf Munkedal, president and chief operating officer of Vigilante.com. A report issued by the service details the origins and whereabouts of the vulnerabilities and a suggested course of remedy. The Web service does not offer alerts to customers. Munkedal said the SecureScan database is updated weekly. The company also provides security consultation. SecureScan can be purchased as an ongoing subscription or one-time purchase. Pricing was unavailable. The eSecurityOnline.com Online Vulnerability Service is being offered on a tiered pricing schedule, based on the number of users. ESecurityOnline, in Kansas City, Mo., is at www.esecurityonline.com . Vigilante Inc., in Long Island, N.Y., is at www.vigilante.com . ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Service-based security InfoSec News (Jun 14)