
Foundstone's Threat Correlation Module Prioritizes Critical Threats Facing Every Enterprise System

Business Wire, Sept 15, 2003

Business Editors/High-Tech Writers

MISSION VIEJO, Calif.--(BUSINESS WIRE)--Sept. 15, 2003

Ending The Wild Goose Chase: Foundstone Threat Correlation Module Provides IT Managers "First-Response Capability" by Intelligently Connecting the Most Important Threats, Assets, and Vulnerabilities into One Single View

Foundstone, experts in strategic security, today announced the Foundstone Threat Correlation Module(TM), adding a new dimension of security to its Foundstone Enterprise Risk Solutions(TM) software. Unlike vulnerability assessment and intrusion detection systems that generate long, jargon-filled lists of potential threats, the Module provides a deceptively simple, at-a-glance interface to facilitate vulnerability assessment and remediation. Now, IT managers can immediately understand and proactively respond to the global security threats facing their organizations.

"This is as close as it gets to an instant-on, command-and-control center dedicated to proactively protect organizations and government agencies in the war against hackers," said Stuart McClure, Foundstone president and chief technology officer, adding that the Threat Correlation Module also includes an integrated work-ticket system to keep the security staff abreast of how remediation work is proceeding. "Despite the advances in information security over the past few years, IT managers far too often find themselves staring at long, random lists of vulnerabilities and threats -- with little idea of exactly how real the issues are, or which of their individual systems should be addressed first. The Foundstone Threat Correlation Module intelligently determines which systems are most at-risk from which critical threats. More importantly, the Module's integrated work-ticket system allows security staff to ensure that remediation of critical vulnerabilities is completed on time."

"The growing number of threats targeted to IT networks results in an overwhelming amount of information for the IT security professional to sift through to determine appropriate actions," commented Charles Kolodgy, security analyst at IDC. "Foundstone's risk algorithm, the powerful ingredient behind the Threat Correlation Module, does the heavy-lifting of pinpointing the assets most at risk to help security professionals cut through the data and move to action."

The Module clearly lists threat events, including worms, high-risk vulnerabilities and coordinated attacks, as reported by Foundstone Labs. Then the correlation engine, using a risk algorithm developed by Foundstone based on asset value, vulnerability severity and threat criticality, determines the unique threat profile for the organization's asset inventory. The results are visually represented in a scoring system as simple as "red, orange, yellow, and green," supplemented by a numerical risk score (e.g., "red alert, level 5" is more serious than "yellow alert, level 3" and far more serious than "green alert, level 2"). IT managers are alerted to the risks that need to be addressed immediately, as well as the ones they can fix at a later date. An integrated ticketing system can be used to assign remediation activity to the appropriate asset owner and enables the IT staff to track and verify progress over time.

The Foundstone Threat Correlation Module will match each threat's specific profile to each organization's assets by using factors such as vulnerabilities, operating systems, network services, service banners and service ports. Other features of the Foundstone Threat Correlation Module include:


    --  Threat Intelligence Alerts: Provided by Foundstone Labs, via a
        real-time download, the alerts include information about
        important threats, worms and widespread attacks.

    --  Detailed Threat Information: Customers can access detailed
        information for each affected host in order to gain a
        complete understanding of each critical asset and the
        threat posed to it.

    --  Multiple Options for Threat Remediation: To ensure seamless
        integration into their remediation process, users have several
        options to respond to critical threats including:

           --  immediate remediation using the prioritized list of
               assets;

           --  downloading the asset list (in CSV format), or feeding
               immediate scans to patch management systems;

           --  the use of Foundstone's concise, effective threat
               response recommendations;

           --  responding with the Foundstone Remediation Module(TM)
               so that fix activities are managed and measured within
               the integrated workflow system.

    --  Easy Installation: Once given the appropriate download code,
        Foundstone Enterprise customers can simply install the Threat
        Correlation Module by executing the installer from the
        Foundstone Enterprise Manager(TM), a web-based portal. When
        installed, the Module becomes a new option from the Enterprise
        Manager's global navigation. Then, when users click the threat
        tab in Foundstone Enterprise, they are seamlessly
        authenticated to the Module with their normal system
        credentials and access control privileges. For Foundstone
        Managed Service customers, installation is not required.

 


Content provided in partnership with Thompson Gale