eEye Tool Helps Find, Fix Vulnerabilities

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,669570,00.asp

By Dennis Fisher 
November 5, 2002 

In an effort to tap the potential of its various security
technologies, eEye Digital Security Inc. next week will unveil its new
Enterprise Vulnerability Assessment and Remediation Management
solution.

The new offering, which will be generally available at the end of
November, is essentially a combination of eEye's flagship Retina
scanner and its new Remote Enterprise Management console. Designed for
large enterprises with complex, distributed networks, the new solution
includes an integrated vulnerability remediation process in addition
to its core scanning and reporting capabilities.

Administrators can set up scheduled scans or perform manual operations
from the new console. Once a scan is complete, the Retina software
sends it data back to the console via an encrypted channel. That data
is then combined with information from other scanners across the
network and displayed in a series of charts and graphs showing
vulnerabilities for each IP address scanned.

The scan data can also be imported into such management systems as
IBM's Tivoli software or Hewlett-Packard Co.'s OpenView.

After all of the vulnerabilities have been identified, the
administrator can then delegate the remediation of each one to a
specific person. This generates a new remediation ticket, which
includes a description of the vulnerability, the machines it affects
and a link to the patch. After fixing the problem, the analyst then
closes the ticket, enabling managers to see which vulnerabilities have
been addressed and which are still pending.

"Our customers have been saying, you've told us that there all of
these vulnerabilities out there, now what do we do about them?" said
Firas Raouf, chief operating officer at eEye, based in Aliso Viejo,
Calif.

The new Remote Enterprise Management console is capable of controlling
all of eEye's products - SecureIIS, Iris, Blink and Retina - and can
also handle security alerts from other vendors' products.

The new solution will be sold based on the number of IP addresses to
be scanned, with prices varying from about $10 per address to about
$20-$25 per address, Raouf said.

eEye joins a crowded market segment with the announcement of this new
solution. Companies such as Foundstone Inc., Qualys Inc. and others
have similar offerings.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.