eEye Tool Helps Find, Fix Vulnerabilities

Tool combines scanning and reporting capabilities with new features to help enterprises remedy network vulnerabilities.

In an effort to tap the potential of its various security technologies, eEye Digital Security Inc. next week will unveil its new Enterprise Vulnerability Assessment and Remediation Management solution.

The new offering, which will be generally available at the end of November, is essentially a combination of eEyes flagship Retina scanner and its new Remote Enterprise Management console. Designed for large enterprises with complex, distributed networks, the new solution includes an integrated vulnerability remediation process in addition to its core scanning and reporting capabilities.

Administrators can set up scheduled scans or perform manual operations from the new console. Once a scan is complete, the Retina software sends it data back to the console via an encrypted channel. That data is then combined with information from other scanners across the network and displayed in a series of charts and graphs showing vulnerabilities for each IP address scanned.

The scan data can also be imported into such management systems as IBMs Tivoli software or Hewlett-Packard Co.s OpenView.

After all of the vulnerabilities have been identified, the administrator can then delegate the remediation of each one to a specific person. This generates a new remediation ticket, which includes a description of the vulnerability, the machines it affects and a link to the patch. After fixing the problem, the analyst then closes the ticket, enabling managers to see which vulnerabilities have been addressed and which are still pending.

"Our customers have been saying, youve told us that there all of these vulnerabilities out there, now what do we do about them?" said Firas Raouf, chief operating officer at eEye, based in Aliso Viejo, Calif.

The new Remote Enterprise Management console is capable of controlling all of eEyes products—SecureIIS, Iris, Blink and Retina—and can also handle security alerts from other vendors products.

The new solution will be sold based on the number of IP addresses to be scanned, with prices varying from about $10 per address to about $20-$25 per address, Raouf said.

eEye joins a crowded market segment with the announcement of this new solution. Companies such as Foundstone Inc., Qualys Inc. and others have similar offerings.