BindView, Procinct release security services

The Black Hat security conference being held in Las Vegas does not normally feature many new product announcements, but BindView Corp. and Procinct Security Corp. are bucking that trend, with each company announcing a new Web-based security service.

BindView took the wraps off its newest product line, BindView Policy Center, and the first product in that line, Policy Operations Center, on Monday. The Policy Operations Center is a hosted Web service that allows companies to create, modify, update and deploy acceptable-use and computer-security policies for their networks.

The service allows companies to create high-level policy documents that state the company's policy goals, to create a policy for specific computer-use standards and to create a policy that governs technical settings of the systems being used, said Chris Mullins, director of compliance solutions at BindView, which is located in Houston. The technical-settings policy is where companies can specify what kinds of security measures they wish to employ, he said.

The policies are stored on the Web and can be accessed there or printed out, he said. If a company already has a policy document in electronic form, it can be uploaded to the Web site and then modified using BindView's system, he said.

Policy compliance within an organization can be tested using BV-Control, another BindView product, he said.

Creating a sound security policy is crucial for companies because "without that sort of guidance outlining how these tools (computers) are to be used, you don't have anything to go on," he said.

The service is available now and costs US$35,000 per year for three administrator accounts.

Procinct also announced the release of its own Web-based security service ProSentry 2.0 on Wednesday. ProSentry is a managed service that monitors a company's perimeter security measures.

The service scans a company's networks to discover what systems are visible to the public, how those systems are configured, what software they are running and what, if any, vulnerabilities they have, said Sarah Kenna Groark, chief executive officer of Procinct, which is based in San Francisco. The service also checks DNS (Domain Name System) entries for the company and Web site content, she said.

Once the initial discovery has been performed, the service then continuously monitors the network for changes and attacks, she said.

Such a system frees up security and network administrators to actually perform the work of securing their companies, rather than just discovering vulnerabilities, she said.

"You've got to automate security for it to be effective," Groark said.

ProSentry 2.0 is available immediately at a cost of $1,500 per month.