Security Basics mailing list archives
RE: Risk management products
From: Tony UcedaVélez <tonyuv () versprite com>
Date: Wed, 21 Feb 2007 00:31:05 -0500
You have to check out The Gideon Group's SecureFusion (http://www.thegideongroup.com/securefusion-suite.asp) product. Its been used at top U.S banks, gov't dept, healthcare organizations, and even major retail groups. It uses agent less authenticated/ non-authenticated techniques to perform policy gap analysis, configuration assessments, control based risk assessments, wireless assessments, asset management, compliance based assessments, and more. In my first introduction to the product, roughly 1.5 years ago, it went head to head with McAfee's Citadel, Symantec's Compliance Center (old Bindview), and Cambia's risk assessment product and won great reviews and ultimately a contract at the place of work I was at (top 10 U.S bank). The great thing about SecureFusion is that its based up SOA, therefore it can integrate with any server/ device/ appliance b/c its not platform dependent. Its also module based so it fulfills a lot of needs, as previously mentioned. Preventsys is a great product, but it relies completely on the capabilities of the underlying scanning component, which is not all inclusive within the product. Hope this helps. Tony UcedaVélez, CISA, GIAC VerSprite, LLC (office) 678.938.3434 (email) tonyuv () versprite com (web) www.versprite.com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of offset Sent: Friday, January 19, 2007 11:52 AM To: security-basics () securityfocus com Subject: Risk management products Greetings and salutations, I'd be interested in opinions regarding the various Risk Management/Aggregation products/tools out there. products such as: Preventsys Skybox Any others that I am missing? Looking for the following characteristics (high level): * Ability to pull in raw data from many security tools * Ability to normalize threats from many different sources * Ability to add custom risk weightings by network, os, platform, etc. -- offset () ubersecurity org -- Got Tor? Support anonymous Internet communication. http://tor.eff.org/
Current thread:
- RE: Risk management products Tony UcedaVélez (Feb 21)