Security shop rethinks network scanning

Next Generation Security Software is offering a network and application scanning tool which, it hopes, will take vulnerability scanning to a higher level.

Typhon III departs radically from earlier releases, said Next Generation Security Software managing director David Litchfield.

NGSSoftware describes the new version of Typhon as an "intelligent scanner" that does not simply rely on a database of known vulnerabilities, as other vulnerability assessment tools do. Instead, Typhon uses internal logic to probe the weaknesses of the machines on a network and to devise vulnerability tests tailored to each host's configuration, Litchfield said.

Beyond traditional vulnerability scanning of operating systems and network defences, Typhon III can probe networks that run SSL (Secure Sockets Layer) over protocols such as HTTP (Hypertext Transfer Protocol) for common application-layer attacks such as SQL injection and cross-site scripting.

NGSSoftware is known more for its security expertise than its products. Litchfield is renowned within the security community as the man who discovered a widespread Microsoft SQL Server vulnerability, then wrote proof of concept code that became the foundation for the Slammer worm.

The Sutton-based company's researchers have discovered more than 200 security vulnerabilities, including high-profile holes in products from Microsoft and Oracle.

That expertise was brought to bear with Typhon III, as NGSSoftware researchers rethought and redesigned methodologies for finding vulnerabilities in common protocols like HTTP, Litchfield said.

With new threats like the Blaster worm quickly exploiting software holes, vulnerability testing is a hot area, said John Pescatore of Gartner.

The latest version of Typhon is more evidence of a shift, led by companies such as SPI Dynamics and Sanctum, toward adding application scanning checks on top of traditional network scans, he added.

Increasingly, those companies are tying vulnerability assessment to configuration management and workflow features so that information on security holes is translated directly into work requests for IT administrators, Pescatore said.

Recently, SPI Dynamics and Netcontinuum released a draft of the Application Vulnerability Description Language sponsored by the Organization for the Advancement of Structured Information Standards (Oasis). That language would simplify the kind of product interaction needed to get information to IT administrators more efficiently.

Nevertheless, there is money to be made for small companies like NGSSoftware, which offer streamlined assessment tools and access to information on a broad range of product vulnerabilities, said the Spire Group's Pete Lindstrom.

Bigger players in the vulnerability assessment market are usually slower to market with tests for application vulnerabilities and have to divide their energies and investment between vulnerability research, platform support and feature development to meet the needs of their customers, Lindstrom added.

That leaves room for smaller companies with areas of expertise to "get in deep" on popular applications, he said.

A download of Typhon III is available immediately for evaluation from NGSSoftware's website.

Typhon III costs about $7,100 per user for an enterprise licence. That licence enables an administrator to scan an unlimited number of network hosts for an unlimited length of time.

Limited licences for single host machines are also available, although NGSSoftware could not provide pricing for those licences.

In the US, Typhon III can be purchased from security training and conference company Black Hat.

On Monday, NGSSoftware announced a partnership agreement with Black Hat to market and resell Typhon III and the NGSSoftware Suite of tools in the US.

Paul Roberts writes for IDG News Service