Compliance Apps Top Gartner Show Agenda

Compliance security policy enforcement will be at the top of the agenda at Gartner's annual IT Security Summit.

Compliance security policy enforcement will be at the top of the agenda as IT security executives gather in Washington for Gartner Inc.'s annual IT Security Summit this week.

VeriSign Inc., Citadel Security Software Inc. and Vidius will all announce new products, features or services for enforcing network security policy, stopping information leaks or helping companies assess compliance with strict data privacy and integrity regulations such as HIPAA (Health Insurance Portability and Accountability Act) and the Sarbanes-Oxley Act.

VeriSign, of Mountain View, Calif., plans to announce its Security Certification Program, which will connect VeriSign security auditors with Global 2000 enterprises that are looking for answers to questions about federal and state security regulations, said Chad Kinzelberg, vice president of security services at VeriSign.

VeriSign auditors will do on-site assessments of an organization's network devices, architecture and data flow, as well as firewall and IDS (intrusion detection system) logs, and assess compliance with regulations a company might be subject to.

Companies that meet VeriSign's standards will receive a certificate, good for one year, indicating that they were found to be in compliance. They can present the VeriSign certificate to external auditors, government regulators or others, Kinzelberg said.

Citadel's Hercules 4.0, which the Dallas company is unveiling at the Gartner show, adds new features for compliance auditing, risk assessment and product vulnerability management.



The Hercules suite includes Compliance Manager, which compares a network with policy templates for different regulations and benchmarks such as SarbOx, HIPAA, The SANS Institute's top 20 vulnerabilities list and others. Other modules help resolve issues identified by Compliance Manager.

Information leaks are the focus of Vidius, of Beverly Hills, Calif. Vidius is announcing a new version of PortAuthority, an information-leak prevention tool. According to company officials, the tool can help businesses prevent unauthorized dissemination of sensitive information, which would violate regulations such as the Gramm-Leach-Bliley Act and HIPAA.

With regulations such as SarbOx on the minds of C-level executives, many IT security managers and IT vendors have latched on to regulatory compliance as a clever way to justify the expense of new security products—such as vulnerability assessment tools—that may or may not help with compliance, said John Pescatore, vice president at Gartner, of Stamford, Conn.

While regulations are driving much of the interest in security technology, VeriSign's Kinzelberg said he believes that new threats such as phishing, pharming and identity theft are driving IT security managers to look at new technology.

