Vendors tighten security offerings

Security vendors in the government market are increasingly seeing a new

type of customer: agency managers who know they need something but don't

know exactly what. Spurred to action by presidential directives and hacker

threats, many agencies are eager to beef up their security but are short

on the skills to do it.

Like several other security vendors, Internet Security Systems Inc.

(ISS) is reshaping its business to offer help through consulting services

and by bundling its products into an integrated suite that simplifies security


"The new mainstream customers need to be served in a different way than

the traditional market," said Tim McCor- mick, vice president of corporate

marketing at ISS.

As agencies begin to offer their services via the Internet, they want

security to be another piece of the support system. "These are the people

who see security as an enabler," said Steve Russ, vice president of strategy

and corporate development at ISS.

ISS is putting together new offerings for these customers. The consulting

services, first offered last year after ISS acquired Netrex Secure Solutions,

now include a series of managed security services and education offerings

based on best practices such as British Standard 7799.

Also, ISS' federal group is creating its own professional services group

during the next few months, and that group will offer product deployment

services and education solutions.

The General Accounting Office has emphasized the need for agencies to

base security on the level of risk for each system or application, and a

key part of that is vulnerability analysis tools such as ISS' Internet,

system and database scanner.

Last year, the company tied together several of its products into the

ISS SafeSuite managed security platform. The benefit of integrating the

vulnerability assessment and intrusion-detection tools is that when a new

vulnerability is found, it is immediately fed to the detection sensors.

Likewise, when the sensors notice a new attack, the system passes information

back to the analysis engine.

Other new products include solutions that will extend the technology and

make it simpler for less-experienced administrators, McCormick said. Among

these are the new RealSecure Server Sensor family, which enables agencies

to monitor the traffic going through the server in addition to the traffic

on the network, and the RealSecure Network Appliance, which provides a way

to simply plug intrusion detection into a network.


Sample of Internet Security Systems' consulting services


* British Standard 7799 risk assessment.

* Vulnerability assessment.

* Penetration assessment.

* Threat assessment.


* Security strategy workshop.

* Information security architecture and policies.

* Risk management processes.


* Security deployment workshop.

* Product deployment services.

Manage and Support

* Emergency response services.

* Vulnerability and threat management.

* Configuration management.

* Policy management.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.