TruSecure, a managed security services company, has waded into the crowded waters of security software applications with the announcement of a new enterprise security management application called Risk Commander.
The announcement was part of a larger program by TruSecure to repackage its network security and application vulnerability expertise in the form of software, TruSecure chief executive officer, John Becker, said.
Risk Commander is a risk management tool that pulls together and analyses data from other security products such as network scanning applications, firewalls and network management products. This saves network administrators from having to work with dozens of separate security products and lets them spot relationships between disconnected security events on their network.
The new product is built on a rules engine and back-end database purchased from Cogentric, start-up company TruSecure acquired in July.
To that technology, TruSecure added application security intelligence and analytic capabilities derived from its ICSA Labs division, which performs application vulnerability testing, the company said.
Risk Commander can read security data output by third-party security and network management products in Extensible Markup Language (XML) format, enabling it to provide a comprehensive picture of an organization's network security infrastructure, TruSecure said.
Corporate executives get a security management "dashboard" of tools such as a policy compliance feature that analyses security data against established security policies or regulatory requirements.
A vulnerability analysis and reconciliation feature analysed vulnerabilities in the context of a company's business operations, enabling managers to prioritise patching and other remediation, TruSecure said.
Risk Commander also has eye-friendly scorecards and trend analysis features that help executives grasp their company's exposure to risk and progress toward improving security, the company said.
Executives access the features through a split user interface that provides different "snapshots" of a company's security posture, director of product marketing at TruSecure, Bob Flinton, said.
For example, one part of the user interface might display information about a company's progress toward compliance with the US Health Insurance Portability and Accountability Act of 1996 (HIPAA). Clicking on that area of the user interface would bring up a more detailed analysis of outstanding and completed tasks, he said.
The enterprise software application was the first member of a new product family that TruSecure dubbed "TruSolutions" and marks an almost year-long effort to build up TruSecure's software development business, Becker said.
The company now had about 40 employees working on software development and was investing heavily in development of new technologies and security automation tools, he said.
TruSecure is targeting Fortune 50 and Fortune 100 companies in heavily regulated industries such as health care and financial services as potential customers for its new products.
The company is betting on its inhouse security and vulnerability analysis talent and its background as an enterprise-focused security services company to distinguish it from more companies with more established products such as Symantec and Network Associates, which also offer security management products, Becker said.
More product releases are likely in coming months, including a scanning tool similar to those offered by Qualys and a tool that linked TruSecure's IntelliShield security vulnerability alerting service to features for identifying and classifying network assets, Flinton said.
Risk Commander would be available in November with prices starting at $US150,000 for an enterprise license, TruSecure aid.