Citadel Security Software Inc. plans to move to a dramatically different pricing model with the next release of its Hercules software in May, CEO Steve Solomon told eWEEK.com in an exclusive interview.
According to Solomon, the pay-as-you-go pricing model will make vulnerability remediation more affordable, especially to smaller companies. Solomon, who likened the program to "pay by the drink," said the cost will be approximately 75 cents per remediation.
Hercules is delivered on a Windows 2003 Server that the company sells for $14,995. The costs for remediation are extra, however users get the full use of the servers other features, which include vulnerability detection, interoperability with third-party scanners, security planning, and even the ability to roll back hot fixes and patches that didnt work as expected. Solomon said that the new pricing plan would also have provisions to provide fixed prices for entire classes of remediations.
"Well help you be proactive." Solomon said. "We call it the virtual security device at your location. When you fix something, thats the only time youll pay for it."
Solomon said that the new pricing plan will be much less expensive than other ways of pricing remediation. "It pays for itself in one remediation process." he said, "You couldnt have someone do this as a professional service even one day for this cost."
Solomon said he believes that vulnerability remediation will grow quickly as it becomes affordable to a wider range of enterprises. "Were not even in the first inning—its like the anti-virus market was years ago," he said.
With the new attention being paid to security by corporate boards, C-level executives, and the federal government, security management has become a vital activity, Solomon said. "The bottom line is the fear that the board and the C-level management team are now involved and are held accountable by shareholders and mandates that go further. If something goes wrong, youre liable," he said.
One of the reasons that Hercules and products like it have become so important is that all of the high-level attention, coupled with government mandates, has dramatically increased the workload on IT staffs to cope with vulnerabilities and other security issues. "Thats where Citadel comes in," said Yankee Group senior analyst Phebe Waterfield, "helping with the overhead and work flow." She said that its one thing to find a vulnerability, "but how do you go about addressing it? When you have a scan report thats told you about 500 problems, which of those problems do you fix first?"
Waterfield said that companies need products such as Hercules to decide which vulnerabilities to fix first, and which can wait. "What tools do is reduce the overhead and administration. It doesnt take so much time it takes away from the business. Tools also help them prioritize," she said.
Vulnerability management tools also help administrators decide which vulnerabilities not to fix, Waterfield said. "They want to balance the vulnerability," she said, explaining that current workloads require that the risk from the vulnerability has to be balanced against the cost of fixing it. "Were moving away from the idea that you have to fix every vulnerability now."