Ernst & Young to sell vulnerability management tool

eSecurityOnline LLC, a security software company owned by Ernst & Young LLP, is wading into the security management market with a new vulnerability management appliance.

The product, called eSO Advisor, will use a database of information collected by Ernst & Young experts to help organizations track and manage security vulnerabilities on their networks and will sell for US$32,495, according to Ernst & Young.

The product allows companies to automatically generate and maintain informational profiles of assets such as hardware devices, operating systems and installed applications. That asset information is compared against a database of 4,800 remote and host-based security vulnerabilities compiled by Ernst & Young, generating a prioritized list of security vulnerabilities that is correlated to an organization’s specific devices and software.

“We found that our customers were apprehensive about putting asset profile information into Ernst & Young’s systems,” said Ken Hammond, vice-president of business development at eSecurityOnline. “To drive consensus, we made the push towards a compartmentalized solution,” he said.

The eSO Advisor is a rack-mounted, one-CPU appliance based on a Dell Computer Corp. PowerEdge 1650 server running the eSecurityOnline software and the Windows 2000 operating system, according to Hammond.

Each appliance can manage up to six non-contiguous “Class C” IP (Internet Protocol) ranges and a total of 254 unique IP addresses, Ernst & Young said. Customers with large networks can deploy multiple eSO Advisor units. A companion appliance, the eSO Director management console, is available to coordinate the activities of the various appliances. The eSO Director is sold separately for the same price as the eSO Advisor, according to Ernst & Young.

According to Hammond, the eSO Advisor draws from knowledge eSecurityOnline gained through the development of its eSO Framework risk management product. That tool also targets critical IT infrastructure, creating configuration standards, identifying vulnerabilities and software fixes, and helping companies to create and maintain security policies.

Unlike eSO Framework, eSO Advisor jettisons the security policy management features, a move that will make it more attractive to mid-market companies that are not currently using Ernst & Young for security-related services, according to Hammond.

For chief information officers and chief security officers with limited staff, eSO Advisor enables departments to streamline and coordinate their security efforts while also securing their network down to the operating system and applications level, according to Hammond.

As for the future, Hammond said eSecurityOnline has no intention of becoming a security asset management software company.

“We try to gear our products around our strength, which is aggregation of knowledge,” Hammond said. “We feel we have a jump, having spent tens of millions of dollars in customer management, to aggregate that knowledge from around the world,” he said.