Cenzic Unveils the First and Only Web Application Discovery and Security Assessment Solution for the Enterprise

Market Wire, October, 2006

Cenzic, Inc., a leading provider of automated application security assessment and compliance solutions, today unveiled Hailstorm® Enterprise ARC (Application Risk Controller)(TM), the first product to address application security assessment across the enterprise. With its intelligent dashboard, Cenzic Enterprise ARC gives companies the ability to automatically discover and inventory applications and provides a comprehensive view of application security status with a complete workflow from a central console for Information Security Managers, CIOs, CISOs, Compliance Officers, and Privacy Officers -- all through a web interface.

With today's enterprise applications spanning departments, business units, and geographies, Cenzic Enterprise ARC gives executives visibility into application security status, helping them to identify trends, prioritize resources, and make better business decisions to bulletproof the organization's applications. In addition, Cenzic Hailstorm Enterprise ARC enables companies to automatically identify all web applications within an environment with its web application discovery tool and provides a new quantitative metric called HARM(TM) to measure vulnerability levels of applications.

Protecting web applications is becoming a major pain point for enterprises of all sizes. Whether it's a small company doing business online or a large company handling all their customer transactions, web front-ends have become a must for businesses. Due to the open nature of web sites, hackers are exploiting the same interfaces that consumers use to exploit code to steal confidential information, Intellectual Property, or transfer money illegally. According to a recent Symantec Threat Report, 59% of the total vulnerabilities relate to web applications. In a recent CSI/FBI report on security, almost 100% of respondents had some kind of web incident, with 59% of respondents citing more than ten incidents.

"Global enterprises like large financial services firms may have thousands of customer-facing applications that are vulnerable to network-borne attacks. Many of these applications were built in part long before these threats were understood," said Peter Christy, principal analyst at Internet Research Group. "Much of the security focus to date has been in providing desktop and network gateway security; however, as the attackers are increasingly criminally motivated, more and more of the attacks are happening at the application level, where the attack masquerades as a legitimate user and attempts to hijack a transaction and access information. The impact of such attacks can have serious financial impact to the organization and to the individuals whose information has been stolen. Cenzic's Enterprise ARC product significantly simplifies the task of ongoing application testing and application vulnerability management and provides these large enterprises with a valuable solution for this key aspect of business risk management."

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle (SDLC) -- whether in development, QA, or operations -- to help find and remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance executives are armed with real-time status of the enterprise and the ability to launch and test any application.

"As enterprise organizations become increasingly aware of the vulnerabilities of their web applications, security vendors need to provide breakthrough technology that will elevate both the role of the CISO and the web application security market in protecting companies against attacks," said Theresa Lanowitz of voke, Inc. "Users of application security products and services are in need of features such as intelligent dashboards which deliver CISOs true visibility of security risk assessment across the enterprise. Capabilities such as an intelligent integrated dashboard enhance communication among the enterprise stakeholders and enable overall application security and increase productivity."

Hailstorm Enterprise ARC Addresses Critical Issues in Application Security

Hailstorm Enterprise ARC provides answers to critical questions that must be addressed by the enterprise with respect to application security.

--  Web Interface – Regardless of location, now organizations can not only
    view application security information but can assess these applications
    seamlessly from anywhere in the world.

--  Intelligent Dashboard – Most solutions available today only provide a
    static information dashboard. Enterprise ARC is the first intelligent
    dashboard that allows enterprises to automate the workflow across all
    business units and functions throughout the enterprise.

--  Application Portfolio Status – Hailstorm Enterprise ARC addresses
    critical information security questions such as:
    --  Which applications have been tested?
    --  What are the vulnerability trends?
    --  What is most at risk?
    --  What’s the overall status?
    --  Which applications are vulnerable to the risks we are concerned
        about?
    --  What has the organization been doing to solve it?

--  HARM™ (Hailstorm Application Risk Metric) – A quantitative score that
    uses a unique and intelligent formula to determine which applications
    should get higher priority from a security perspective.

--  Application Discovery – Automatically discovers which applications are
    on a given network and which applications are visible from the
    Internet.

--  Role-based Visibility – Hailstorm Enterprise ARC provides application
    security risks and trends to managers and executives based on their
    roles in the corporation or a specific business unit.

--  Messaging for Workflow Support – Teams can review vulnerabilities,
    share relevant data including vulnerabilities and remediation steps,
    and track actions.

--  Integrated Reporting – Detailed reports are shared among teams based
    on the applications they manage. Expertise is leveraged between
    development and operations since they use a common assessment solution.

--  Web Services Support – Complete support to find vulnerabilities in
    web services.

--  Ajax Support – As Web 2.0 has brought new challenges, Cenzic’s
    solutions are there to proactively find Ajax related vulnerabilities.