McAfee ThreatScan checks for virus vulnerabilities
- 02 April, 2002 08:15
Looking to extend the purview of its antivirus software and to help its customers discover network vulnerabilities that viruses might exploit, McAfee Security, a division of Network Associates Inc., Monday announced the release of McAfee ThreatScan, a virus vulnerability assessment tool.
ThreatScan is a new application that works in conjunction with McAfee's ePolicy Orchestrator management console to scan all IP (Internet Protocol)-addressable devices on a network and determine if those devices have any vulnerabilities that might be exploited by viruses, said Candace Worley, product manager at McAfee Security. ThreatScan can discover a host of details about a device, including its operating system, what the most recent service pack or patch applied to it is, what applications are running on it, whether its policies are up to date, whether it is showing signs of virus infection, whether it has open communication ports and more, she said.
The program is essentially a vulnerability assessment tool deigned specifically for viruses, Worley said, adding that it checks for vulnerabilities using two sets of signatures. First, ThreatScan uses vulnerability assessment signatures from Network Associates' COVERT labs and then checks those results with virus signatures from the company's AVERT antivirus labs, she said.
The data gathered from that scan is then collected into ePolicy Orchestrator, where it can be examined and analyzed to determine what machines on the network may be vulnerable to virus attack and in what way, Worley said. Customers are required to use EPolicy Orchestrator with ThreatScan.
McAfee created ThreatScan because its customers were asking "'how do I know what I don't know?'" Worley said.
Despite the fact that many companies are already using vulnerability assessment products that can perform many of ThreatScan's functions, Worley expects that ThreatScan will appeal to a broad number of companies. Whereas traditional vulnerability assessment products are used by security staffers, ThreatScan is specifically designed to be used by antivirus groups and thus the two products will likely be used together in many companies, she said. ThreatScan data can also be used to build rules in McAfee's Desktop Firewall product, she added.
ThreatScan runs on Windows NT/2000 and can scan any IP-addressable device. The software is immediately available worldwide at a starting cost of US$21.64 per node on a network of between 250 nodes and 500 nodes, with prices dropping in volume.