A Good Kind Of Audit

Auditing network security has become a necessity with today's complex Internet networks, yet many businesses have found the procedure a time-consuming and expensive process. Said expenses and time-intensive tasks often force smaller businesses to eschew them, or at least reduce the frequency of audits. Smaller businesses do have an advantage when it comes to one element of network security; their applications and Web-based offerings tend to remain somewhat static. Simply put, by limiting change, small business sites automatically limit vulnerabilities. Nevertheless, best practices dictate that security audits are a "must do."

Solution providers looking to get involved in the security auditing services market no longer have to outlay large amounts of cash or retrain staff members, all thanks to WebInspect Direct from SPI Dynamics, a managed service security auditing offering, which is based on scheduled scans. Solution providers can schedule scans to take place as frequently as desired and as often as a customer's budget allows.

WebInspect Direct is a fully automated security scanning service and has very little overhead for the typical VAR. VARs simply sell a customer a scan and then have SPI Dynamics perform the scan. What's more, VARs can easily customize reports to address the needs of individual customers. SPI Dynamics also generates extensive security reports and has in-house engineers examine the output. In other words, VARs need to do little more than deliver the information to their customers and then sell remediation solutions to fix any discovered problems.

The product combines several security scanning technologies to offer the most comprehensive application security scan feasible. The product scans for several known vulnerabilities, exercises attacks to test security and then rolls all of the gathered information into actionable reports. For example, any discovered vulnerabilities will be fully explained and detailed within the report, with charts and diagrams to back up the discoveries. The vulnerabilities are automatically categorized by severity, and solution providers can use the information to quickly react to threats.

Partners can either choose to resell the service as a self-branded offering or pursue the simple alternative of earning referral fees by recommending WebInspect directly to their clients.

For channel players, the product offers mostly a referral revenue. That business model eliminates the need for complex channel programs and the associated training. VARs can take the results as far as they want to, including fully integrating SPI Dynamics WebInspect Direct into a bandoleer of security services. Either way, WebInspect Direct offers the technology and ease of use to eliminate any arguments against performing security audits.