ESsecurityOnline, a security software company owned by Ernst &
Young, is wading into the security management market with a
vulnerability management appliance.
The product, called eSO Advisor, will use a database of information
collected by Ernst & Young experts to help organisations track
and manage security vulnerabilities on their networks and will sell
for $32,495 (£20,849).
The product allows companies to generate automatically and maintain
informational profiles of assets such as hardware devices,
operating systems and installed applications. That asset
information is compared against a database of 4,800 remote and
host-based security vulnerabilities compiled by Ernst & Young,
generating a prioritised list of security vulnerabilities that is
correlated to an organisation's specific devices and
software.
"We found that our customers were apprehensive about putting asset
profile information into Ernst & Young's systems," said Ken
Hammond, vice-president of business development at eSecurityOnline.
"To drive consensus, we made the push towards a compartmentalised
solution."
The eSO Advisor is a rack-mounted, one-CPU appliance based on a
Dell Computer PowerEdge 1650 server running the eSecurityOnline
software and the Windows 2000 operating system.
Each appliance can manage up to six non-contiguous "Class C" IP
(Internet Protocol) ranges and a total of 254 unique IP addresses.
Customers with large networks can deploy multiple eSO Advisor
units. A companion appliance, the eSO Director management console,
is available to co-ordinate the activities of the various
appliances. The eSO Director is sold separately for the same price
as the eSO Advisor.
The eSO Advisor draws from knowledge eSecurityOnline gained through
the development of its eSO Framework risk management product. That
tool also targets critical IT infrastructure, creating
configuration standards, identifying vulnerabilities and software
fixes, and helping companies to create and maintain security
policies.
Unlike eSO Framework, eSO Advisor jettisons the security policy
management features, a move that will make it more attractive to
mid-market companies that are not using Ernst & Young for
security-related services.
For chief information officers and chief security officers with
limited staff, eSO Advisor enables departments to streamline and
co-ordinate their security efforts while also securing their
network down to the operating system and applications level.
As for the future, Hammond said eSecurityOnline has no intention of
becoming a security asset management software company.
"We try to gear our products around our strength, which is
aggregation of knowledge".. "We feel we have a jump, having spent
tens of millions of dollars in customer management, to aggregate
that knowledge from around the world," he added.