SOURCE: Cenzic

November 14, 2005 08:44 ET

Cenzic Announces End-to-End Solution and Powerful New Enterprise Functionality, While Introducing the First-Ever Industry Focused Vertical Product Suites

Cenzic® Hailstorm® 3.0 Automates Application Security Across Development, Q.A., and Information Security Groups While Accelerating Time to Results for Financial Services, E-retail, and Healthcare

SANTA CLARA, CA -- (MARKET WIRE) -- November 14, 2005 -- Cenzic, Inc. today announced major enhancements to its flagship Hailstorm application security assessment product, introducing new capabilities with a scalable model for users across the enterprise and a dashboard providing executives, line-of-business managers, and security professionals with a snap-shot view and trends analysis of the state of their applications.

Cenzic also announced Hailstorm Plus™, an end-to-end solution package that allows customers to improve processes with a best-practices Assessment Methodology consulting, Hailstorm Software product, and bundled ClickToSecure™ managed services to provide customers with a disciplined jump-start. In addition, Cenzic announced vertically focused products for three key verticals -- Financial Services, E-Retail, and Healthcare with additional ones planned for the near future. The combined new enhancements of Hailstorm 3.0 give enterprises the industry's most powerful solution for protecting and automating penetration testing of critical business applications.

"In today's web-enabled world, it's critical to have a program that will find vulnerabilities in your web applications before the bad guys find them," said David Escalante, director of computer policy and security for Boston College. "Cenzic Hailstorm is efficient at finding web vulnerabilities before they are exploited, which is much more cost-effective than the alternative. Boston College is looking forward to using version 3's scalability to extend Hailstorm past the security department to better inform other security stakeholders including executives, developers, and QA staff about improving web security."

Enterprises today rely on Web-based applications to conduct mission-critical business. Traditional methods for testing and protecting these applications from potential threats have become cost-prohibitive and increasingly ineffective for the information security and development teams involved in assuring application security. Hailstorm, in conjunction with Cenzic's ClickToSecure managed service offering, provide a hybrid application security approach that helps customers test the application security assessment waters, minimize up-front costs, realize immediate time to value and build application assessment best practices into their information security framework.

"As the number of attacks and compliance issues related to web applications continues to climb, a comprehensive application security assessment methodology is becoming a critical component of an effective information security strategy," said Scott Crawford, senior analyst, Enterprise Management Associates. "By combining professional services with its Hailstorm solution, Cenzic helps organizations rapidly test applications for vulnerabilities without the high costs and accuracy problems associated with manual testing methods."

"We want to provide solutions that make it easy for customers to quickly get their application security assessment process in full swing on an enterprise basis," said John Weinschenk, president and CEO of Cenzic. "Application security assessment is more than just a technology. Hailstorm 3.0 Enterprise and Hailstorm Plus solution package give enterprises a methodology and set of features to make application security assessment an ingrained part of their overall application lifecycle, from development through production and ongoing maintenance."

Cenzic Hailstorm is the industry's first solution to provide a Stateful Assessment™ approach to test applications for security vulnerabilities and compliance issues. This automated and revolutionary approach to vulnerability management and penetration testing allows Cenzic to deliver large organizations the benefits of manual assessments with significantly lower costs and time commitments. Hailstorm delivers a series of improvements to extend its functionality and further streamline application testing for enterprises. Key benefits include:

--  Proven assessment methodology: Leverages Cenzic know-how and the
    expertise of its Cenzic Intelligence Analysis (CIA) lab to help enterprises
    more quickly resolve issues and improve business processes associated with
    application security. By following the assessment methodology, Hailstorm
    customers can rapidly bake the industry's best practices into their
    organization's application testing process.
--  Industry-specific security assessment packages: Provide the industry's
    first-ever market-focused application security assessment capabilities for
    the most vulnerable industries, including financial services, e-retail, and
    healthcare. Taking advantage of Hailstorm's configurable SmartAttack™
    Library to application testing, vertical-focused packages increase focus
    and reduce time to resolution for customers.
--  Improved workflow: Hailstorm 3.0 includes a series of enhancements
    aimed at improving workflow, including enhanced collaboration capabilities,
    and multi-user access across the enterprise for Information Security, Q.A.,
    and Development groups.
--  Management Dashboard: Extending the already rich reporting
    capabilities of Hailstorm, the new version includes a management dashboard
    that allows Line-of-business managers, security executives and
    professionals, Q.A. professionals, and development groups to view a
    detailed trend analysis and health of the web applications through out the
Pricing and availability

Cenzic Hailstorm 3.0 is a scalable enterprise software product and will ship in December 2005. Hailstorm Plus end-to-end solution is available immediately. Industry focused products will be available in the first quarter of 2006. Similar to a manual security assessment, pricing is based on the number of applications but at a fraction of the cost of a manual penetration test. Assessment methodology pricing is a fixed fee project. All existing customers will get the new version as part of their upgrade process.

About Cenzic

Cenzic is a leading provider of the next-generation enterprise software and services for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first solutions to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit

Contact Information

    Jason Throckmorton or Jesse Odell
    Email Contact