White Hat Tools Turn IT Administrators Into White Hat Hackers
Tester's Choice: Cenzic, which is developing an SDK-based super vulnerability scanner, has a vision that is different from what else is out there.
Death, taxes and the fact that your computer systems are vulnerable are the only things that are certain--at least in our lifetimes. Unfortunately, many companies will find this out at least once. The problem is that they rely on vendors to disclose problems, and by then it's way too late. Large companies, such as IBM, Oracle and Symantec, hire their own hacking staffs to try to contain vulnerabilities in their software. Many large organizations, meanwhile, hire security consultants--usually composed, at least partially, of reformed hackers--to stress-test their systems. Most companies, however, sit and wait. And then things go awry. Statistics show, after all, that a large number of companies have had their systems compromised in some fashion during the last year (see http://www.securitystats.com). Too bad they all can't be hackers. Maybe they can.
A long time ago, products such as SATAN scanned systems for known vulnerabilities. They evolved into good business plans for companies, such as ISS. Now, security scanners are a dime a dozen. Well, perhaps they're more like $10,000 a dozen, but still the price isn't prohibitive, especially in light of what might happen if companies didn't use them. An insurance policy with no guarantees, so to speak.
Cenzic, meanwhile--a company that was once known as ClicktoSecure--has been developing a super vulnerability scanner based on an SDK they have had in the works. I had the chance to interview Cenzic's CEO Alan Henricks and CTO Greg Hoglund about the state of security scanners, and it's pretty clear that the company's vision is different from what else is out there.