• Home
  • /
  • Computing
  • /
  • ISS extends risk assessment platform for enterprise-wide security policy management and proactive e-business protection

ISS extends risk assessment platform for enterprise-wide security policy management and proactive e-business protection

Johannesburg, 18 Aug 1999
Read time 6min 20sec

Internet Security Systems (ISS) announced today that it has significantly extended the functionality of its risk assessment solutions, providing customers with a critical platform for security risk management across databases, network services, applications, operating systems, servers and desktops. New versions of its critical security scanning solutions -- Database Scanner, Internet Scanner and System Scanner- empower customers to effectively predict, quantify, and eliminate security risks to organizations` e-business and e-commerce infrastructures.

"As the true pioneer of the industry`s first vulnerability detection system, Internet Scanner, ISS has come a long way in the continued evolution of a set of technologies critical to information protection in the age of e-commerce," said Matthew Kovar, senior analyst with the Yankee Group. "Coupled with ISS` comprehensive intrusion detection and decision support offerings, ISS is providing customers with a powerful solution for a difficult aspect of information protection -- the ongoing management of enterprise security risks."

"As organizations move to reap the benefits associated with e-business, they open up their enterprise networks to risks that are increasingly difficult to measure and manage, thus placing their investments in e-business in danger," said Patrick Taylor, vice president of ISS` vulnerability management product line. "ISS is providing an important solution to this challenge with the industry`s broadest and deepest platform for risk management." Taylor added, "This unique risk assessment platform enables customers to gain multiple perspectives on security performance throughout the enterprise, fostering quick responses to security problems and a safer, more productive e-business environment."

Importance of Security Risk Management

Managing the risks associated with new technologies and e-business initiatives requires a critical set of applications for measuring security posture on an ongoing basis across every device and system on the network. ISS` risk assessment technologies -- an integral component of ISS` SAFEsuite product line of security management solutions - do just this, empowering organizations to easily determine if traditional security safeguards and built-in security features are working to ensure the availability and integrity of e-business systems.

ISS` risk assessment platform provides customers with three important benefits, providing answers to the following critical questions:

Predicting Risk.


.         What is the current state of your systems?

.         Where are security failures likely, or actually occurring?

.         How effective is the security policy?

Quantifying Risk.


.         What failures will cause the most harm?

.         What security risks need to be addressed first?

Managing Risk.


.         What changes have occurred in the organization`s risk profile?

.         What changes in security policy should be made to ensure appropriate levels of security?

.         Is security improving over time and if not, what mitigating actions will improve it?

ISS` risk assessment platform is made up of three unique and important types of security management applications: Internet Scanner for network-based risk assessment to manage risk across the network; System Scanner for host-based risk assessment to manage risk within critical servers and desktops; and Database Scanner to manage risk associated with database servers and enterprise applications. All three products utilize ISS` extensive X-Force Security Knowledge Base to automatically scan a network, system, database, server or application, identify security vulnerabilities and threats and respond with prioritized actions to protect critical e-business systems and applications.


To make it easy to manage risks, ISS is providing its customers with two critical levels of integration including:

Operational integration - Today`s announcement unveils the first phase of ISS` operational integration within its risk assessment platform with the ability for customers to benefit from initial integration between Internet Scanner and Database Scanner and combine the ability to scan and manage the security of networks and databases.

Data integration -- ISS` risk assessment platform data can be combined with RealSecure intrusion detection and Check Point and Network Associates firewall data through ISS` unique decision-support application, SAFEsuite Decisions. SAFEsuite Decisions automates the collection, integration, analysis and reporting of enterprise-wide security information from multiple sources and locations provides the power to make quick, decisions to correct the most severe security conditions.

New Product Functionality - Internet Scanner 6.0

Internet Scanner 6.0 extends ISS` leadership position and pioneering efforts in network security assessment. New features include:

.         Quick and Easy Updates - Internet Scanner`s new X-Press Updates enable customers to automatically receive new countermeasures for defending their networks against the latest vulnerabilities and threats.

.         Easy Security Policy Customization - Customers can easily develop their own "Flex Checks" or customized detection methods targeted at unique aspects of their environment.

.         Comprehensiveness-Internet Scanner continues to be the market`s most comprehensive solution for vulnerability detection. Version 6.0 includes a significant number of new, built-in vulnerability checks for the latest security risks including over 24 checks for evidence of backdoor programs such as BackOrifice 2000.

.         Integration - ISS is providing the industry`s first assessment operational integration by tying together functions across Database Scanner and Internet Scanner to enable customers to more effectively manage combined database and network security risks.

System Scanner 4.0

System Scanner 4.0 provides advanced host-based risk assessment capabilities to for the next level of risk management - the lock down of critical Unix and Windows NT-based servers and desktops. New features include:

.         Broad Platform Support -- System Scanner now supports over 24 platforms including many types of Unix platforms such as Linux as well as Windows NT, and Netware.

.         Easy Security Policy Customization - Customers can easily develop their own "Flex Checks" or customized detection methods targeted at unique aspects of their environment.

.         Enterprise Management Architecture -- System Scanner`s new architecture provides ease of management and distributed security control in an enterprise environment.

.         Instant Alerts - System Scanner can now immediately respond to violations in security policy by sending alerts via pager or email to administrators or communicating via a SNMP trap with major network management systems such as HP OpenView of Tivoli Enterprise.

Database Scanner 3.0

The new version of Database Scanner, the industry`s first and leading solution for database security management, automates the process of securing mission critical data stored in Microsoft, Oracle and Sybase database servers, enabling customers to easily manage the security and administration of these critical systems. Database Scanner is fundamental to ensuring that customers` databases are properly secured, providing powerful security management of built-in database security features. New features include:

.         Oracle Support - Database Scanner 3.0 adds support for Oracle8 and 7.3 databases on Unix or Windows NT systems

.         Broader Support for Multiple Types of Database Servers -- Database Scanner now enables automated database security management for 3 major database server platforms including Microsoft SQL Server, Oracle and Sybase Adaptive Servers.

.         Operational Integration - Database scans can now be easily combined with network scans, improving the combined security management of networks and databases.


Internet Scanner version 6.0, System Scanner version 4.0, and Database Scanner 3.0 will ship in September. All products will be available for download from ISS` Web site,


ISS leads the market as the source for e-business risk management solutions, serving as a trusted security provider to 21 of the 25 largest U.S. commercial banks and more than 35 government agencies. With its Adaptive Security Management approach, ISS enables information protection and continuous security improvement within Intranet, extranet and electronic commerce environments. Its award-winning SAFEsuite product line is vital for protection in today`s world of global connectivity, enabling organizations to proactively monitor, detect and respond to risks to enterprise information. Founded in 1994, ISS is headquartered in Atlanta, GA with additional offices throughout the U.S. and international operations in Asia, Australia, Europe and Latin America. For more information, visit the ISS Web site at

Login with