New Tools To Assess Security

A moving target, enterprise security is in constant need of assessment. For years, many organizations turned to outside IT security firms to assess their networks. However, with the introduction of a number of new security and vulnerability assessment tools, vendors are now giving companies the option of taking assessment into their own hands.

With the widespread use of the Internet and the introduction of new vulnerabilities into the network, security assessment is coming into the spotlight. Many organizations are beginning to think about adding this next layer of security protection. Why? Because these products are designed to detect weaknesses in an enterprise network before problems occur, providing security managers with proactive tools. International Data Corp. (IDC), Framingham, Mass., expects the security and vulnerability assessment product market to reach $700 million by 2004, that’s up from $170 million in 1999.

Organizations can’t afford to sit around and wait for a network attack. “Security managers need these tools because networks have become so complex and companies can’t expect to be able to button up every network vulnerability,” says Charles Kolodgy, research manager at IDC.

To the rescue are vendors such as Bindview Corp, Houston, Texas; eEye Digital Security, a division of eCompany Inc., Aliso Viego, CA; PGP Security, a Network Associates Inc. company, Santa Clara, CA; Qualys Inc., Sunnyvale, CA; Sanctum Inc., Santa Clara, CA; SPI Dynamics Inc., Atlanta, GA; and WebTrends Corp., Portland, OR; to name a handful.

Vendors are offering more than cookie cutter solutions. For example, some products are reportedly able to detect known vulnerabilities, whereas others detect unknown vulnerabilities as well. Another area of product differentiation is in the ability of the tools to fix the problems they find. For example, Retina 3.0 from eEye, has a FixIT feature that provides network administrators with a description of any found vulnerabilities, information on how to fix it, or access to a FixIT button that can repair the vulnerability locally or remotely. Finally, some vendors’ products work at the network level; others, such as Sanctum’s AppScan 2.0, work at the application level, according to the company.

Additionally, there are two areas where security and vulnerability assessment products can be used. For example, there are host-based products where software agents are placed on large numbers of systems from large servers all the way down to PCs. These agents then report into a centralized management system to give the owner a view of the environment. Network-based vulnerability assessment describes products where a dedicated server or appliance sits on the network to assess vulnerabilities.

Taking another spin on security and vulnerability assessment is Qualys, a provider of online network security services. The company’s flagship service, QualysGuard, continuously audits a customer’s network via the Internet to detect and assess vulnerability, reportedly taking a hacker’s view of the network.

According to IDC, the cost of vulnerability assessment software can range from $695 per server all the way up to $15,000 for 1,000 nodes. On average, however, Kolodgy estimates costs in the vicinity of $1,000 per server.

Lynn Haber writes on business and information technology from Norwell, MA.