WASHINGTON (04/18/2000) - Security vendors in the government market are increasingly seeing a new type of customer: agency managers who know they need something but don't know exactly what. Spurred to action by presidential directives and hacker threats, many agencies are eager to beef up their security but are short on the skills to do it.
Like several other security vendors, Internet Security Systems Inc. (ISS) is reshaping its business to offer help through consulting services and by bundling its products into an integrated suite that simplifies security management. "The new mainstream customers need to be served in a different way than the traditional market," said Tim McCormick, vice president of corporate marketing at ISS.
As agencies begin to offer their services via the Internet, they want security to be another piece of the support system. "These are the people who see security as an enabler," said Steve Russ, vice president of strategy and corporate development at ISS.
ISS is putting together new offerings for these customers. The consulting services, first offered last year after ISS acquired Netrex Secure Solutions, now include a series of managed security services and education offerings based on best practices such as British Standard 7799. Also, ISS' federal group is creating its own professional services group during the next few months, and that group will offer product deployment services and education solutions.
The General Accounting Office has emphasized the need for agencies to base security on the level of risk for each system or application, and a key part of that is vulnerability analysis tools such as ISS' Internet, system and database scanner.
Last year, the company tied together several of its products into the ISS SafeSuite managed security platform. The benefit of integrating the vulnerability assessment and intrusion-detection tools is that when a new vulnerability is found, it is immediately fed to the detection sensors.
Likewise, when the sensors notice a new attack, the system passes information back to the analysis engine. Other new products include solutions that will extend the technology and make it simpler for less-experienced administrators, McCormick said. Among these are the new RealSecure Server Sensor family, which enables agencies to monitor the traffic going through the server in addition to the traffic on the network, and the RealSecure Network Appliance, which provides a way to simply plug intrusion detection into a network.Sample of Internet security Systems' consulting services Assess British Standard 7799 risk assessment.
Vulnerability assessment.
Penetration assessment.
Threat assessment.
Design
Security strategy workshop.
Information security architecture and policies.
Risk management processes.
Deploy
Security deployment workshop.
Product deployment services.
Manage and Support
Emergency response services.
Vulnerability and threat management.
Configuration management.
Policy management.