October 30, 2006 09:15 ET
Cenzic Unveils the First and Only Web Application Discovery and Security Assessment Solution for the Enterprise
Hailstorm Enterprise ARC Provides CISOs, CIOs, Line of Business Managers and Compliance Officers With Intelligent Dashboards Enabling Them to Dramatically Improve Overall Application Security and Increase Productivity
SANTA CLARA, CA -- (MARKET WIRE) -- October 30, 2006 -- Cenzic, Inc., a leading provider of
automated application security assessment and compliance solutions, today
unveiled Hailstorm® Enterprise ARC (Application Risk Controller)™, the
first product to address application security assessment across the
enterprise. With its intelligent dashboard, Cenzic Enterprise ARC gives
companies the ability to automatically discover and inventory applications
and provides a comprehensive view of application security status with a
complete workflow from a central console for Information Security Managers,
CIOs, CISOs, Compliance Officers, and Privacy Officers -- all through a web
With today's enterprise applications spanning departments, business units,
and geographies, Cenzic Enterprise ARC gives executives visibility into
application security status, helping them to identify trends, prioritize
resources, and make better business decisions to bulletproof the
organization's applications. In addition, Cenzic Hailstorm Enterprise ARC
enables companies to automatically identify all web applications within an
environment with its web application discovery tool and provides a new
quantitative metric called HARM™ to measure vulnerability levels of
Protecting web applications is becoming a major pain point for enterprises
of all sizes. Whether it's a small company doing business online or a large
company handling all their customer transactions, web front-ends have
become a must for businesses. Due to the open nature of web sites, hackers
are using the same interfaces that consumers use to exploit code and
steal confidential information or intellectual property, or to transfer money
illegally. According to a recent Symantec Threat Report, 59% of the total
vulnerabilities relate to web applications. In a recent CSI/FBI report on
security, almost 100% of respondents had some kind of web incident, with
59% of respondents citing more than ten incidents.
"Global enterprises like large financial services firms may have thousands
of customer-facing applications that are vulnerable to network-borne
attacks. Many of these applications were built in part long before these
threats were understood," said Peter Christy, principal analyst at Internet
Research Group. "Much of the security focus to date has been in providing
desktop and network gateway security; however, as the attackers are
increasingly criminally motivated, more and more of the attacks are happening at the application level, where the attack masquerades as
a legitimate user and attempts to hijack a transaction and access
information. The impact of such attacks can have serious financial impact
to the organization and to the individuals whose information has been
stolen. Cenzic's Enterprise ARC product significantly simplifies the task
of ongoing application testing and application vulnerability management and
provides these large enterprises with a valuable solution for this key
aspect of business risk management."
Hailstorm Enterprise ARC provides automated security assessment of custom
and commercial web applications and works throughout the software development lifecycle (SDLC) -- whether in development,
QA, or operations -- to help find and remediate security vulnerabilities,
guide enforcement of internal security policies and support regulatory
compliance. With its dashboard views of applications, departments, and business
units, security and compliance executives are armed with real-time status
of the enterprise and the ability to launch and test any application.
"As enterprise organizations become increasingly aware of the
vulnerabilities of their web applications, security vendors need to provide
breakthrough technology that will elevate both the role of the CISO and the
web application security market in protecting companies against attacks,"
said Theresa Lanowitz of voke, Inc. "Users of application security products
and services are in need of features such as intelligent dashboards which
deliver CISOs true visibility of security risk assessment across the
enterprise. Capabilities such as an intelligent integrated dashboard
enhance communication among the enterprise stakeholders and enable overall
application security and increase productivity."
Hailstorm Enterprise ARC Addresses Critical Issues in Application Security
Hailstorm Enterprise ARC provides answers to critical questions that must
be addressed by the enterprise with respect to application security.
-- Web Interface: Regardless of location, organizations can now not only
view application security information but also assess these applications
seamlessly from anywhere in the world.
-- Intelligent Dashboard: Most solutions available today only provide a
static information dashboard. Enterprise ARC is the first intelligent
dashboard that allows enterprises to automate the workflow across all
business units and functions throughout the enterprise.
-- Application Portfolio Status: Hailstorm Enterprise ARC addresses
critical information security questions such as:
    -- Which applications have been tested?
    -- What are the vulnerability trends?
    -- What is most at risk?
    -- What's the overall status?
    -- Which applications are vulnerable to the risks we are concerned
    -- What has the organization been doing to solve it?
-- HARM (Hailstorm Application Risk Metric): A quantitative score that
uses a unique and intelligent formula to determine which applications
should get higher priority from a security perspective.
-- Application Discovery: Automatically discovers which applications are
on a given network and which applications are visible from the
-- Role-based Visibility: Hailstorm Enterprise ARC provides application
security risks and trends to managers and executives based on their
roles in the corporation or a specific business unit.
-- Messaging for Workflow Support: Teams can review vulnerabilities,
share relevant data including vulnerabilities and remediation steps,
and track actions.
-- Integrated Reporting: Detailed reports are shared among teams based
on the applications they manage. Expertise is leveraged between
development and operations since they use a common assessment solution.
-- Web Services Support: Complete support to find vulnerabilities in
-- Ajax Support: As Web 2.0 has brought new challenges, Cenzic's
solutions are there to proactively find Ajax-related vulnerabilities.
service has already provided us with the ability to quickly and seamlessly
strengthen our systems without disrupting our day-to-day business
activities and service to our own clients," said David Lee, vice president
of infrastructure and engineering at K2 Network, Inc. "The new Enterprise
ARC product provides a unique Risk Assessment Dashboard to discover and
track all web applications for the entire enterprise. The fact that this
enterprise software solution will also be made available to the managed
service customers is very exciting."
"As businesses grapple with the challenges of securing the enterprise, they
need solutions that facilitate communication and collaboration across
departments to quickly thwart attacks," said John Weinschenk, CEO and
president of Cenzic. "Hailstorm Enterprise ARC extends upon its existing
Cenzic Hailstorm software to bring security issues directly to the C-level
as well as across lines-of-business with powerful views of vulnerability
status and an automated workflow from a unified dashboard across the
As part of the release of Cenzic Enterprise ARC, the company also announced
a major upgrade to its Hailstorm Professional product. Hailstorm
Professional 4.0 is packed with new features that greatly benefit customers
including a web services module, PCI Compliance, HARM scores, significantly
enhanced reporting and many new SmartAttacks that can help customers stay
ahead of the hackers.
Cenzic is the only company in the industry to offer a complete suite of
solutions for enterprises of all sizes. Cenzic Hailstorm software and
Cenzic ClickToSecure Managed Service (SaaS) offerings are the only
solutions using a Stateful Assessment™ approach that emulates a hacker,
providing the most accurate results along with the most flexibility to
configure the product.
About Cenzic, Inc.
Cenzic, Inc. is a leading provider of the next-generation enterprise
software and a leading Managed Service offering for automated application
security assessment and compliance that allows Fortune 1000 corporations,
mid-sized corporations, and government organizations to dramatically
improve the security of web applications. Cenzic® Hailstorm®
Professional and Enterprise ARC, the most accurate and extensible solutions
in the industry, enable security experts, QA professionals, and developers
to work together to assess, analyze, and remediate applications for
security vulnerabilities. Hailstorm benefits include reduced security risk
and liability, lower development and testing costs, and faster
time-to-market. Cenzic ClickToSecure™ service is one of the industry's
first Software as a Service (SaaS) to combine the power of an
enterprise-class application security assessment product with the
flexibility of a managed security service. Cenzic Assessment Methodology
completes the solution with a state-of-the-art business process consulting
service to help customers improve their application security methodologies.
Cenzic solutions are the most accurate, comprehensive, and extensible in
the industry. Cenzic's current focus includes financial services, e-retail,
healthcare, and government sectors. For more information, visit