McAfee on Monday revealed the next phase of its risk management strategy, which includes tools for diagnosing network vulnerabilities and helping companies comply with corporate security policies.
At the heart of the risk management lineup is Foundstone Enterprise 5.0, a revamped threat management solution that companies can use to identify areas of vulnerability in their networks, said George Kurtz, senior vice president of risk management at McAfee, Santa Clara, Calif. Foundstone includes a realtime threat information feed and automated reporting that helps organizations to figure out where to focus remediation efforts.
Previous versions of Foundstone couldn't scan non-Windows systems, but version 5.0 enables companies to conduct authentication checks in Unix and Linux systems, including the latest versions of Red Hat Enterprise, Solaris and AIX. "We're now getting much broader coverage with credentialed assessment," Kurtz said.
Deeper integration and bidirectional communication between Foundstone and third-party trouble-ticketing systems such as BMC Remedy is another enhancement that helps companies stay up to date with tasks such as patch management, he added.
Part of the thought process behind McAfee's 2004 acquisition of Foundstone was to leverage its ePolicy Orchestrator (ePO) platform, which manages security policies for more than 40 million endpoints, to provide a complete view of the state of network assets, according to Kurtz. Though Foundstone 5.0 hasn't yet been integrated with ePO, Foundstone eventually will be able to gather threat information from agent-based and non-agent-based systems, he said.
"We believe visualization into the agent and non-agent side can provide a better picture into what's happening in the environment," Kurtz said.
Foundstone 5.0 is designed work with two products McAfee gained in its acquisition of threat management vendor Preventsys in June. Preventsys Compliance Auditor takes data from Foundstone and compares it with corporate security policies to verify that compliance goals are being met, and Preventsys Risk Analyzer gathers vulnerability data from multiple vendors to spotlight a company's risks, said Michelle Johnson Cobb, group product marketing manager at McAfee.
McAfee partners with risk management certification are approved to sell McAfee Preventsys without additional certification requirements. However, when partners come up for renewal of their risk management certification, they will be required to take the new Preventsys certification module, which will be part of new risk management certification requirements that McAfee is developing, Cobb said.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
