AlertSite Adds Security Scan to Web Service

The company adds vulnerability scanning to its Web site performance-measurement subscription service.

Web site performance-measurement and monitoring services provider AlertSite added a new security twist to its services on Monday with the introduction of a vulnerability scanning service.

AlertSite is bringing a low-cost value proposition to the market with its new AlertSite Security Vulnerability Scan service by offering a daily scan of Internet services, ports, routers, firewalls and Internet-linked devices for $49.99 per month.

"Vulnerability scanning is basic blocking and tackling. Its one of the things that every organization needs to be doing," said Ken Godskind, vice president of marketing at AlertSite in Coconut Creek, Fla.

"The security vulnerability scan is designed to make sure servers, routers and so on are free from any of the hundreds of known vulnerabilities," Godskind added. Those include vulnerability to threats such as Blaster, Slammer, Code Red, NIMDA worms and others.

/zimages/4/28571.gifClick here to read about a Web services security tool from Kenai.

The scanning service is designed to ensure that customer Web sites and Web servers pass the SANS Top 20 Internet Security Vulnerabilities test, which was created by the SANS Institute (SysAdmin, Audit, Network, Security) and the FBI to alert IT operators to the most commonly exploited vulnerabilities in Windows, Linux and Unix that require immediate remediation.

The AlertSite vulnerability scanning service provides a network and application level scan that identifies vulnerabilities and provides recommendations for improvements. It also provides referrals to available patches. "Its designed to help clients with meaningful online connections to stay ahead of hackers," Godskind said.

Unlike competitive scanning services, AlertSite qualifies prospective customers before implementing the service to insure that bogus users arent scanning servers they dont own or are not responsible for.

/zimages/4/28571.gifRead details here about performance-optimization offerings at Interop.

"We require that our customers fill out an authorization form that says, this is me and the name of the server Im trying to scan … attesting to me owning this server. We developed a human process to make sure [an unauthorized scan] doesnt happen. Customers can provision their device to be scanned, but that has to be enabled by one of our people after reviewing the proper forms and so on," Godskind said.

The subscription service, which requires no software installation, configuration or maintenance, provides reporting on services and vulnerabilities detected; nightly server screening for known threats and daily e-mail reporting on vulnerabilities detected and remediated. It is available now.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.