AXENT Unveils ESM for Web Servers, the First and Only Assessment and Policy Compliance Solution on the Market Specifically for Web Servers

Business Wire, Dec 4, 2000

Business/Technology Editors

ROCKVILLE, Md.--(BUSINESS WIRE)--Dec. 4, 2000

The Latest in a Series of Application Probing

Extensions for Enterprise Security Manager, AXENT's

New Solution Provides Comprehensive Security

Checks for Web Servers and E-Businesses

AXENT Technologies, Inc. (NASDAQ: AXNT), one of the world's leading Internet security solutions providers for e-business, that announced on July 27, 2000 that it entered into definitive agreement with Symantec Corporation (NASDAQ: SYMC) to be acquired, today released Enterprise Security Manager(TM) (ESM) for WebServers, the first and only security solution to assess critical vulnerabilities and define, manage and enforce e-security policies for enterprise-class Web servers. ESM for WebServers is the first shipping solution in AXENT(R)'s new ESM Application Security Series--a family of solutions designed to address security vulnerabilities and policy compliance of new mission-critical e-business components such as Web servers.

"Companies today have secured their operating systems and have implemented solid security policies around them, but have now begun to open these environments to partners and customers to embrace e-business opportunities, creating new vulnerabilities. Different tools are needed to manage the compliance of e-business components against stated security policies and to assess the vulnerabilities brought on by adding Web servers, routers, databases and other applications," said Bob Flinton, product manager at AXENT. "ESM for WebServers extends beyond the operating system to probe for vulnerabilities in Web servers and identify areas that must be secured to protect against attacks such as the two recent attacks that Microsoft suffered."

In November, Microsoft(R) admitted that two hacker attacks breached its Web site, following the company's initial high-profile break-in in September. The hacker breached the site using known vulnerabilities for Microsoft's Windows NT(R)/2000 and the company's IIS Web server--vulnerabilities for which secure fixes have been available for quite a while, but which had not been implemented. With ESM and ESM for WebServers, companies know if such vulnerabilities exist, and can act to secure them before they are exploited.

Beyond the Operating System

ESM for WebServers is designed to extend security policy compliance and vulnerability assessment beyond the operating system to assess the security of Web servers. Coverage for all leading Web servers across multiple operating systems allows you to secure your existing systems and preserve your investments. Regular updates deliver comprehensive coverage to protect against new vulnerabilities as they are discovered, keeping your security current and proactive in nature. Additional modules for assessing routers and switches, firewalls, e-mail servers and other e-business applications will be unveiled individually in the coming year. Earlier this year, AXENT release ESM for Oracle(R) v. 1.1, enabling ESM users to assess these mission-critical databases for key vulnerabilities, and incorporate these systems into their enterprise-level security policies.

ESM for WebServers provides users with three check groups that contain over 270 Web server vulnerability checks. Each of the 270-plus security checks in this new module examines a specific area of Web server security. The security checks contained in ESM for WebServers cover three major areas of Web server security vulnerabilities including Common Gateway Interface (CGI) programs, FTP utilities, and Bastion Host services. With these categories, ESM for WebServers provides the market's most comprehensive, scalable solution for Web server vulnerability assessment.

Additionally, with ESM's sophisticated file monitoring and host-based assessment capabilities, customers can proactively manage and detect the top 10 security threats identified by the SANS Institute, FBI, and Department of Justice, as part of a comprehensive security policy. The file watch and file attributes modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet attacks to enable the customer to quickly respond and rectify potential security threats. Information on how ESM can be used to secure against each of the vulnerabilities is available now and can be found at http://www.axent.com/swat.> About ESM Application Security Modules

Unlike point products that provide limited views of security, AXENT delivers an integrated, comprehensive and scalable solution that is quick and easy to implement. ESM and the new series of ESM Application Security Modules provide a flexible solution that automates the discovery of security vulnerabilities and proactively manages the risks that can disrupt day to day operations in every critical enterprise system--including the critical applications today's e-business demands.

AXENT has created a series of modules that integrates with its market-leading ESM vulnerability assessment solution to extend policy compliance and vulnerability assessment capabilities for e-business. The ESM Application Security Series plugs directly into an organization's existing ESM solution's new "speed" console to deliver a consolidated picture of the user's enterprise security health--from the operating system to critical applications and servers--for a fully-integrated e-business security management solution. Vulnerabilities are identified and integrated directly into the policy trees within the ESM interface users are already familiar with--so training and operational expenses are minimal and companies can be up and running immediately. Targeted modules, such as ESM for WebServers, fit the specific needs of each business, so there's no need to purchase an unnecessary component.