Portals eNewsletters Web Seminars dataWarehouse.com DM Review Magazine
DM Review | Covering Business Intelligence, Integration & Analytics
   Covering Business Intelligence, Integration & Analytics Advanced Search

View all Portals

Scheduled Events

White Paper Library
Research Papers

View Job Listings
Post a job


DM Review Home
Current Magazine Issue
Magazine Archives
Online Columnists
Ask the Experts
Industry News
Search DM Review

Buyer's Guide
Industry Events Calendar
Monthly Product Guides
Software Demo Lab
Vendor Listings

About Us
Press Releases
Advertising/Media Kit
Magazine Subscriptions
Editorial Calendar
Contact Us
Customer Service

Preventsys Announces Release of Government Information Security Auditing Module

    Online News published in DMReview.com
September 18, 2003

Preventsys, the pioneer in automated security auditing, announced the addition of a new policy module for Government information security auditing, risk management and remediation to its Preventsys Network Audit and Policy Assurance System. The module consists of preprogrammed policies for National Security Agency (NSA) and National Institute of Standards and Technology (NIST) Information Security guidelines, plus a framework and library of security rules for the rapid development of additional government policies which can be automatically tested for compliance on large government networks.

These new policies contain guidelines for the secure deployment and configuration of hardware and software products on large networks, focusing on aspects common to most networks today. Some of the areas covered during auditing of these policies include firewalls, databases, operating systems, Microsoft Windows servers and network architecture, routers and cryptographic solutions for data storage and communication. They are designed for any government or non-government organization that requires a high-level of protection of sensitive information and systems.

"Eliminating vulnerabilities on large government networks is an important tactical objective," said Richard Clarke, Chairman of Good Harbor Consulting and former advisor to the President for Cyber Security. "But the strategic, cost effective security win comes from also preventively adopting good network security policies and the auditing of those policies for strict compliance in advance of cyber security incidents. Preventsys has created a way to codify best practice and government security policies, along with vulnerability risk analysis, so that an automated security auditing system can efficiently enforce both objectives across very large corporate and government networks."

Preventsys is a new breed of automated security auditing systems designed to regulate security on very large corporate and government networks and the Internet. The system works preventively, in advance of damaging security incidents, to manage and enforce a variety of security objectives on large networks, including:

  • Security Policy Regulation - Preventsys audits compliance with a library of customizable best practice, regulatory, government and commercial policies that have in the past only existed as written policies in three-ring binders, largely out of date and unapplied. Preventsys encodes those policies in its Policy Description Language, an XSL-based method for representing complex policy rules in an easy to deploy manner.
  • Vulnerability Risk Management - Preventsys audits for thousands of vulnerabilities, interoperating with a wide variety of security and vulnerability assessment tools in place in large organizations and the government, analyzing the results and exploring vulnerability chains and complex attacks based upon programmable knowledge about the network.
  • Remediation Success - Preventsys audits and manages remediation processes, using an on-board workflow system or integrating with third-party patch management, ticketing or systems management products, "regression auditing" every completed remediation task to assure that the risk has been eliminated and no new risk has been created.

These preprogrammed policies contain hypertext links from the original English language source documents published by the government agencies to specific security rule fragments that are audited across the network using the Preventsys Network Audit and Policy Assurance System. The Preventsys system automates the auditing of policy violations, vulnerability risk management and remediation success formerly performed infrequently by consultants on very small samples of very large networks. The Preventsys system eliminates sampling, dramatically increases scheduled frequency of auditing and applies corporate best practices, federal standards, regulatory and commercial security policies, all encoded in a uniform, machine readable format applied to every device that touches the network.

By example, when SQL Slammer hit, organizations that had adopted NIST and NSA guidelines such as the NSA "Guide to the Secure Configuration and Administration of Microsoft SQL Server 2000," and audited compliance with those policies for every database on their network prevented exposure to the worms that attacked and infected SQL Server machines. Preventsys ensures that these federal policies can be incorporated into an organization's overall enterprise security policy, but more importantly, it audits for policy violations across the network to ensure that these complex policies can be enforced on every machine, every device and every network node.


Check out DMReview.com's resource portals for additional related content, white papers, books and other resources.

This piece has been brought to you by the DM Review Editorial staff.

E-mail This Online News E-Mail This Online News
Printer Friendly Version Printer-Friendly Version
Request Reprints Request Reprints
Site Map Terms of Use Privacy Policy
SourceMedia (c) 2006 DM Review and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.