LAS VEGAS—Computer Associates International Inc. on Tuesday will announce a new subscription-based vulnerability detection and remediation service, along with a new vulnerability management appliance. The new offerings are a part of the companys effort to move more deeply into security, particularly the security management market, officials said.
CAs eTrust Managed Vulnerability Service is a twist on the traditional managed security services model, in that the company does not completely take over the customers entire management process. Instead, CA security analysts will visit each new customer site to assess the IT environment and determine the customers highest-priority assets. CA will then install the security technology at the customers location and begin monitoring existing and new vulnerabilities.
The monitoring will be done by analysts at CAs new 24-hour security operations center outside Washington. Customers will have access to the center via a Web-based portal and can call an analyst at any time of day, the company said.
Once a new vulnerability is discovered, the analysts will map it against the customers network to see whether the issue affects any of the companys IT assets. If it does, the analysts will test a patch in CAs lab, then package it and send it to the customer, who will be ultimately responsible for installing the patch on vulnerable machines.
CA decided to take what it is calling this “co-managed” approach to vulnerability management and remediation because officials saw little chance that customers would outsource the entire process to a third party.
“If youre going to do that, you might as well outsource your entire IT organization because we would have complete control of the network at that point,” said Toby Weiss, senior vice president of product management and marketing for eTrust at CA, based in Islandia, N.Y. The company is announcing the new service at its annual CA World conference here.
Customers will pay an annual subscription fee for the service.
CAs new eTrust Vulnerability Manager r8 appliance performs many of the same functions, but does not have the added access to the CA analysts and operations center. The appliance continuously monitors networks for vulnerabilities, missing patches and misconfigurations and automates the patching and remediation process.
The new box will run on Linux, Unix and Windows and pricing starts at $9,500.