
    White Hat Tools Turn IT Administrators Into White Hat Hackers

    By John Taschek - February 11, 2002

      Death, taxes and the fact that your computer systems are vulnerable are the only things that are certain—at least in our lifetimes. Unfortunately, many companies will find this out at least once. The problem is that they rely on vendors to disclose problems, and by then it's way too late.

      Large companies, such as IBM, Oracle and Symantec, hire their own hacking staffs to try to contain vulnerabilities in their software. Many large organizations, meanwhile, hire security consultants–usually composed, at least partially, of reformed hackers–to stress-test their systems. Most companies, however, sit and wait. And then things go awry. Statistics show, after all, that a large number of companies have had their systems compromised in some fashion during the last year (see http://www.securitystats.com).

      Too bad they all can't be hackers. Maybe they can. A long time ago, products such as SATAN scanned systems for known vulnerabilities. They evolved into good business plans for companies, such as ISS. Now, security scanners are a dime a dozen. Well, perhaps they're more like $10,000 a dozen, but still the price isn't prohibitive, especially in light of what might happen if companies didn't use them. An insurance policy with no guarantees, so to speak.

      Cenzic, meanwhile—a company that was once known as ClicktoSecure—has been developing a super vulnerability scanner based on an SDK they have had in the works. I had the chance to interview Cenzic's CEO Alan Henricks and CTO Greg Hoglund about the state of security scanners, and it's pretty clear that the company's vision is different from what else is out there.

      The biggest problem, says Hoglund, is that security scanners are ineffective at solving security problems. Scanners use signature sets, tables of information about known securities, so they can't offer protection from the most dangerous problems—the ones that haven't been exposed. Scanners are also application-specific, and can't scan for vulnerabilities across an entire system.

      Cenzic—the name is derived from “Center and Forensic”—meanwhile, moves beyond the reactive model and attempts to employ heuristics software fault injection schemes to find holes in every facet of an application–from the network layer through the presentation layer.

      Cenzic's product is named Hailstorm, a better use of the name than Microsoft's code-name for its .Net My Services. The big difference between Hailstorm and the current batch of scanners is in the fault injection methodology. A scanner that just shoots faults aimlessly will not do anyone any good. Cenzic's intellectual property resides in targeted fault injection. For example, it's not going to fire SQL stored procedure errors at an FTP server.

      There are obvious markets for this, namely the financial services community, which stakes its business on having a secure application infrastructure. The other big market is for integrators that sell security services.

      Cenzic's just getting started, but it's a company to watch.

      Contact John Taschek at john_taschek@ziffdavis.com.

      John Taschek
      As the director of eWEEK Labs, John manages a staff that tests and analyzes a wide range of corporate technology products. He has been instrumental in expanding eWEEK Labs' analyses into actual user environments, and has continually engineered the Labs for accurate portrayal of true enterprise infrastructures. John also writes eWEEK's 'Wide Angle' column, which challenges readers interested in enterprise products and strategies to reconsider old assumptions and think about existing IT problems in new ways. Prior to his tenure at eWEEK, which started in 1994, Taschek headed up the performance testing lab at PC/Computing magazine (now called Smart Business). Taschek got his start in IT in Washington D.C., holding various technical positions at the National Alliance of Business and the Department of Housing and Urban Development. There, he and his colleagues assisted the government office with integrating the Windows desktop operating system with HUD's legacy mainframe and mid-range servers.