Vendors tighten security offerings

Security vendors in the government market are increasingly seeing a new

type of customer: agency managers who know they need something but don't

know exactly what. Spurred to action by presidential directives and hacker

threats, many agencies are eager to beef up their security but are short

on the skills to do it.

Like several other security vendors, Internet Security Systems Inc.

(ISS) is reshaping its business to offer help through consulting services

and by bundling its products into an integrated suite that simplifies security


"The new mainstream customers need to be served in a different way than

the traditional market," said Tim McCor- mick, vice president of corporate

marketing at ISS.

As agencies begin to offer their services via the Internet, they want

security to be another piece of the support system. "These are the people

who see security as an enabler," said Steve Russ, vice president of strategy

and corporate development at ISS.

ISS is putting together new offerings for these customers. The consulting

services, first offered last year after ISS acquired Netrex Secure Solutions,

now include a series of managed security services and education offerings

based on best practices such as British Standard 7799.

Also, ISS' federal group is creating its own professional services group

during the next few months, and that group will offer product deployment

services and education solutions.

The General Accounting Office has emphasized the need for agencies to

base security on the level of risk for each system or application, and a

key part of that is vulnerability analysis tools such as ISS' Internet,

system and database scanner.

Last year, the company tied together several of its products into the

ISS SafeSuite managed security platform. The benefit of integrating the

vulnerability assessment and intrusion-detection tools is that when a new

vulnerability is found, it is immediately fed to the detection sensors.

Likewise, when the sensors notice a new attack, the system passes information

back to the analysis engine.

Other new products include solutions that will extend the technology and

make it simpler for less-experienced administrators, McCormick said. Among

these are the new RealSecure Server Sensor family, which enables agencies

to monitor the traffic going through the server in addition to the traffic

on the network, and the RealSecure Network Appliance, which provides a way

to simply plug intrusion detection into a network.


Sample of Internet Security Systems' consulting services


* British Standard 7799 risk assessment.

* Vulnerability assessment.

* Penetration assessment.

* Threat assessment.


* Security strategy workshop.

* Information security architecture and policies.

* Risk management processes.


* Security deployment workshop.

* Product deployment services.

Manage and Support

* Emergency response services.

* Vulnerability and threat management.

* Configuration management.

* Policy management.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.