eSecurityOnline LLC, a unit of Ernst & Young, on Tuesday announced it is migrating its 2-year-old security vulnerability scanning service to a product format, with an appliance that can alert users to systems and applications that are subject to exploitation by known vulnerabilities.
The new eSO Advisor effectively puts to work in a customer’s enterprise the 2,400 E&Y experts that are constantly on the lookout for security vulnerabilities, says Robin Hutchinson, CEO of eSecurityOnline, based in Kansas City, Mo.
eSecurityOnline’s existing Framework service likewise identifies enterprise-specific vulnerabilities and provides remediation instructions, Hutchinson says. But eSO Advisor adds automated asset discovery and inventory capabilities, as well as workflow and correlation features that help ensure vulnerabilities get repaired.
Upon installation, eSO Advisor surveys devices within specific IP address ranges to determine identifying information about each one. It can monitor devices including firewalls and intrusion detection systems as well as databases, Web servers, enterprise resource planning (ERP) and other applications running on any of six operating systems: HP UX, Windows NT, 2000 or XP, Red Hat Linux and Solaris. The device will find up to 500 assets. Users choose up to 254 that they want to manage — the limit for each appliance.
Users also determine how often the appliance should download fresh vulnerability data from eSecurityOnline. When an asset is found to be vulnerable, the event is sent to a workflow engine that determines which administrator is responsible for that asset. The administrator indicates when the fix is implemented. A reporting feature shows which issues are outstanding, how quickly vulnerabilities were fixed and the like, providing a baseline and helping users identify their most serious areas of vulnerability.
“This is different from compliance testing and vulnerability scanning,” Hutchinson notes. “Scanners can find vulnerabilities; eSO Advisor tells you whether they’ve been fixed.”
List price for eSO Advisor is $32,495. Another component, eSO Director, is used to manage multiple Advisors. It, too, costs $32,495.