Vendors tighten security offerings
- By Diane Frank
- Apr 17, 2000
Security vendors in the government market are increasingly seeing a new
type of customer: agency managers who know they need something but don't
know exactly what. Spurred to action by presidential directives and hacker
threats, many agencies are eager to beef up their security but are short
on the skills to do it.
Like several other security vendors, Internet Security Systems Inc.
(ISS) is reshaping its business to offer help through consulting services
and by bundling its products into an integrated suite that simplifies security
"The new mainstream customers need to be served in a different way than
the traditional market," said Tim McCor- mick, vice president of corporate
marketing at ISS.
As agencies begin to offer their services via the Internet, they want
security to be another piece of the support system. "These are the people
who see security as an enabler," said Steve Russ, vice president of strategy
and corporate development at ISS.
ISS is putting together new offerings for these customers. The consulting
services, first offered last year after ISS acquired Netrex Secure Solutions,
now include a series of managed security services and education offerings
based on best practices such as British Standard 7799.
Also, ISS' federal group is creating its own professional services group
during the next few months, and that group will offer product deployment
services and education solutions.
The General Accounting Office has emphasized the need for agencies to
base security on the level of risk for each system or application, and a
key part of that is vulnerability analysis tools such as ISS' Internet,
system and database scanner.
Last year, the company tied together several of its products into the
ISS SafeSuite managed security platform. The benefit of integrating the
vulnerability assessment and intrusion-detection tools is that when a new
vulnerability is found, it is immediately fed to the detection sensors.
Likewise, when the sensors notice a new attack, the system passes information
back to the analysis engine.
Other new products include solutions that will extend the technology and
make it simpler for less-experienced administrators, McCormick said. Among
these are the new RealSecure Server Sensor family, which enables agencies
to monitor the traffic going through the server in addition to the traffic
on the network, and the RealSecure Network Appliance, which provides a way
to simply plug intrusion detection into a network.
Sample of Internet Security Systems' consulting services
* British Standard 7799 risk assessment.
* Vulnerability assessment.
* Penetration assessment.
* Threat assessment.
* Security strategy workshop.
* Information security architecture and policies.
* Risk management processes.
* Security deployment workshop.
* Product deployment services.
Manage and Support
* Emergency response services.
* Vulnerability and threat management.
* Configuration management.
* Policy management.