ESsecurityOnline, a security software company owned by Ernst & Young, is wading into the security management market with a vulnerability management appliance.
The product, called eSO Advisor, will use a database of information collected by Ernst & Young experts to help organisations track and manage security vulnerabilities on their networks and will sell for $32,495 (£20,849).
The product allows companies to generate automatically and maintain informational profiles of assets such as hardware devices, operating systems and installed applications. That asset information is compared against a database of 4,800 remote and host-based security vulnerabilities compiled by Ernst & Young, generating a prioritised list of security vulnerabilities that is correlated to an organisation's specific devices and software.
“We found that our customers were apprehensive about putting asset profile information into Ernst & Young's systems,” said Ken Hammond, vice-president of business development at eSecurityOnline. “To drive consensus, we made the push towards a compartmentalised solution.”
The eSO Advisor is a rack-mounted, one-CPU appliance based on a Dell Computer PowerEdge 1650 server running the eSecurityOnline software and the Windows 2000 operating system.
Each appliance can manage up to six non-contiguous “Class C” IP (Internet Protocol) ranges and a total of 254 unique IP addresses. Customers with large networks can deploy multiple eSO Advisor units. A companion appliance, the eSO Director management console, is available to co-ordinate the activities of the various appliances. The eSO Director is sold separately for the same price as the eSO Advisor.
The eSO Advisor draws from knowledge eSecurityOnline gained through the development of its eSO Framework risk management product. That tool also targets critical IT infrastructure, creating configuration standards, identifying vulnerabilities and software fixes, and helping companies to create and maintain security policies.
Unlike eSO Framework, eSO Advisor jettisons the security policy management features, a move that will make it more attractive to mid-market companies that are not using Ernst & Young for security-related services.
For chief information officers and chief security officers with limited staff, eSO Advisor enables departments to streamline and co-ordinate their security efforts while also securing their network down to the operating system and applications level.
As for the future, Hammond said eSecurityOnline has no intention of becoming a security asset management software company.
“We try to gear our products around our strength, which is aggregation of knowledge”.. “We feel we have a jump, having spent tens of millions of dollars in customer management, to aggregate that knowledge from around the world,” he added.