Symantec Takes Wraps off Vulnerability Assessment Tool

Vulnerability Assessment 1.0 helps administrators identify vulnerable systems across their networks, prioritizes vulnerabilities, and provides links to security patches and guidance on how to protect a system if there isn't a patch available, said Ronald Van Geijn, director of product management at Symantec, based here.

The tool allows a customer to check a single system or group of systems for vulnerabilities and works faster and more efficiently than network-based scanners, he said. Integrated with Symantec's Security Management System, Vulnerability Assessment 1.0 uses a common console, data repository, directory service and agent.

Incident Manager, another component of Symantec's Security Management System, automatically correlates data from various security devices such as antivirus, firewall and intrusion detection products in order to identify incidents and coordinate incident response.

With Incident Manager 2.0, Symantec is providing real-time event correlation in order to help companies identify and manage threats to their business, said John Heath, Symantec senior product manager.

The product also has a new feature called attack tracing, which associates a security event with an existing incident if one has already been named, rather than calling it a new incident in order to reduce the management burden, he said.

Combined with Vulnerability Assessment 1.0, Incident Manager 2.0 reduces false positives, and allows companies to "focus on the incidents that are really hurting them in the context of their business," Heath said.

Pricing for Vulnerability Assessment 1.0 is $795 per server and supports Windows, Solaris, IBM AIX, HP Unix and Red Hat Linux. Workstation pricing is $150 for Windows 2000 and Windows XP. Pricing for Incident Manager 2.0 is based on the number of devices monitored.