AppScan 6.0 Keeps A Close Watch On Network Security

Obviously, it pays in many ways to validate security. Security validation not only brings profits to resellers, but also proves that the ROI of technologies are in place and helps to avoid fines associated with failure to meet legislative requirements set forth by Sarbanes-Oxley, HIPAA, GLBA and COPPA.

Security validation has always been a complex and time-consuming process, but one company hopes to change that. Waltham, Mass.-based Watchfire announced on Dec. 5 the availability of AppScan version 6.0, a follow-up to its successful version 5.0.

Version 6.0 offers a completely redesigned user interface, which clearly defines actions to be performed and offers enhanced wizards to simplify the validation of application security. Solution providers will appreciate how quickly they can get up to speed with the latest version of AppScan. The simplified interface shifts the expertise from running the product to analyzing the results, a better opportunity for solution providers to sell remediation services—a very profitable line of work.

Ease of use is a theme found throughout the new AppScan version, evident in how users follow the workflow, which is laid out in a discover, report and remediate fashion.

The first step is the discover process, during which a user defines what to test and where to test it. This is accomplished with a quick-start wizard where a user inputs a URL, creates login credentials and defines the depth of the scan. Once that process is completed and launched, AppScan begins the testing process. During the testing, results are displayed in realtime and are logged.

After a scan is completed, users have several options, which is further simplified by how AppScan does a roll-up (or grouping) of found vulnerabilities.

Referred to as an Application-Centric Remediation View, the list of vulnerabilities includes a remediation view that shows a comprehensive list of remediation tasks needed to fix the security issues found by the scan. That view presents the scan results and the fix recommendations to those who need to know.

Of course, all the data gathered offers additional value when migrated to reports. This is yet another area in which AppScan 6.0 offers an impressive feature set. The product includes dozens of preconfigured report templates that can be modified to fit a particular user&'s needs.

Regulatory compliance reporting is included, allowing users to translate the data into meaningful reports that meet as many as 31 compliance requirements and standards. Add the included ability to generate industry-standard reports such as the SANS top 20 and WASC standards, and AppScan proves to be an ideal choice for vulnerability reporting.

Watchfire has built a channel program that also stresses simplicity. Separated into two tiers, Referral and Reseller, the company&'s program requires each partner to meet an assigned quota and dual-marketing commitments and to pursue internal training.

The company said it interviews partners rigorously to ensure compatible customer success priorities. Watchfire partners receive business planning support and full pre- and post-sales support. The minimum requirement for authorized partners is to complete sales and technology training (certification) in addition to producing joint business plans. Training does come at a price, however, starting at approximately $2,000 for the certification process. Afterward, there is a calculated yearly fee to remain in the partner program. While these requirements may initially seem like negatives, they are intended to guarantee partner commitment and ensure that only properly trained individuals are involved with deploying AppScan.

Watchfire offers lead-generation services, combined marketing efforts and additional sales incentives related to volume. The company did not disclose product margins, but most resellers will garner the bulk of the profits from the service opportunities created by the product.