SOURCE: Cenzic

October 30, 2006 09:15 ET

Cenzic Unveils the First and Only Web Application Discovery and Security Assessment Solution for the Enterprise

Hailstorm Enterprise ARC Provides CISOs, CIOs, Line of Business Managers and Compliance Officers With Intelligent Dashboards Enabling Them to Dramatically Improve Overall Application Security and Increase Productivity

SANTA CLARA, CA -- (MARKET WIRE) -- October 30, 2006 -- Cenzic, Inc., a leading provider of automated application security assessment and compliance solutions, today unveiled Hailstorm® Enterprise ARC (Application Risk Controller)™, the first product to address application security assessment across the enterprise. With its intelligent dashboard, Cenzic Enterprise ARC gives companies the ability to automatically discover and inventory applications and provides a comprehensive view of application security status with a complete workflow from a central console for Information Security Managers, CIOs, CISOs, Compliance Officers, and Privacy Officers -- all through a web interface.

With today's enterprise applications spanning departments, business units, and geographies, Cenzic Enterprise ARC gives executives visibility into application security status, helping them to identify trends, prioritize resources, and make better business decisions to bulletproof the organization's applications. In addition, Cenzic Hailstorm Enterprise ARC enables companies to automatically identify all web applications within an environment with its web application discovery tool and provides a new quantitative metric called HARM™ to measure vulnerability levels of applications.

Protecting web applications is becoming a major pain point for enterprises of all sizes. Whether it's a small company doing business online or a large company handling all their customer transactions, web front-ends have become a must for businesses. Due to the open nature of web sites, hackers are exploiting the same interfaces that consumers use to exploit code to steal confidential information, Intellectual Property, or transfer money illegally. According to a recent Symantec Threat Report, 59% of the total vulnerabilities relate to web applications. In a recent CSI/FBI report on security, almost 100% of respondents had some kind of web incident, with 59% of respondents citing more than ten incidents.

"Global enterprises like large financial services firms may have thousands of customer-facing applications that are vulnerable to network-borne attacks. Many of these applications were built in part long before these threats were understood," said Peter Christy, principal analyst at Internet Research Group. "Much of the security focus to date has been in providing desktop and network gateway security; however, as the attackers are increasingly criminally motivated, more and more of the attacks are happening at the application level, where the attack masquerades as a legitimate user and attempts to hijack a transaction and access information. The impact of such attacks can have serious financial impact to the organization and to the individuals whose information has been stolen. Cenzic's Enterprise ARC product significantly simplifies the task of ongoing application testing and application vulnerability management and provides these large enterprises with a valuable solution for this key aspect of business risk management."

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle (SDLC) -- whether in development, QA, or operations -- to help find and remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance executives are armed with real-time status of the enterprise and the ability to launch and test any application.

"As enterprise organizations become increasingly aware of the vulnerabilities of their web applications, security vendors need to provide breakthrough technology that will elevate both the role of the CISO and the web application security market in protecting companies against attacks," said Theresa Lanowitz of voke, Inc. "Users of application security products and services are in need of features such as intelligent dashboards which deliver CISOs true visibility of security risk assessment across the enterprise. Capabilities such as an intelligent integrated dashboard enhance communication among the enterprise stakeholders and enable overall application security and increase productivity."

Hailstorm Enterprise ARC Addresses Critical Issues in Application Security

Hailstorm Enterprise ARC provides answers to critical questions that must be addressed by the enterprise with respect to application security.

--  Web Interface – Regardless of location, now organizations can not only
    view application security information but can assess these applications
    seamlessly from anywhere in the world.

--  Intelligent Dashboard – Most solutions available today only provide a
    static information dashboard. Enterprise ARC is the first intelligent
    dashboard that allows enterprises to automate the workflow across all
    business units and functions throughout the enterprise.

--  Application Portfolio Status – Hailstorm Enterprise ARC addresses
    critical information security questions such as:
    --  Which applications have been tested?
    --  What are the vulnerability trends?
    --  What is most at risk?
    --  What’s the overall status?
    --  Which applications are vulnerable to the risks we are concerned
        about?
    --  What has the organization been doing to solve it?

--  HARM™ (Hailstorm Application Risk Metric) – A quantitative score that
    uses a unique and intelligent formula to determine which applications
    should get higher priority from a security perspective.

--  Application Discovery – Automatically discovers which applications are
    on a given network and which applications are visible from the
    Internet.

--  Role-based Visibility – Hailstorm Enterprise ARC provides application
    security risks and trends to managers and executives based on their
    roles in the corporation or a specific business unit.

--  Messaging for Workflow Support – Teams can review vulnerabilities,
    share relevant data including vulnerabilities and remediation steps,
    and track actions.

--  Integrated Reporting – Detailed reports are shared among teams based
    on the applications they manage. Expertise is leveraged between
    development and operations since they use a common assessment solution.

--  Web Services Support – Complete support to find vulnerabilities in
    web services.

--  Ajax Support – As Web 2.0 has brought new challenges, Cenzic’s
    solutions are there to proactively find Ajax related vulnerabilities.
"Cenzic's ClickToSecure managed service has already provided us with the ability to quickly and seamlessly strengthen our systems without disrupting our day-to-day business activities and service to our own clients," said David Lee, vice president of infrastructure and engineering at K2 Network, Inc. "The new Enterprise ARC product provides a unique Risk Assessment Dashboard to discover and track all web applications for the entire enterprise. The fact that this enterprise software solution will also be made available to the managed service customers is very exciting."

"As businesses grapple with the challenges of securing the enterprise, they need solutions that facilitate communication and collaboration across departments to quickly thwart attacks," said John Weinschenk, CEO and president of Cenzic. "Hailstorm Enterprise ARC extends upon its existing Cenzic Hailstorm software to bring security issues directly to the C-level as well as across lines-of-business with powerful views of vulnerability status and an automated workflow from a unified dashboard across the enterprise."

As part of the release of Cenzic Enterprise ARC, the company also announced a major upgrade to its Hailstorm Professional product. Hailstorm Professional 4.0 is packed with new features that greatly benefit customers including a web services module, PCI Compliance, HARM scores, significantly enhanced reporting and many new SmartAttacks that can help customers stay ahead of the hackers.

Cenzic is the only company in the industry to offer a complete suite of solutions for enterprises of all sizes. Cenzic Hailstorm software, and Cenzic ClickToSecure, Managed Service (SaaS) offerings are the only solutions using a Stateful Assessment™ approach that emulates a hacker, providing the most accurate results along with the most flexibility to configure the product.

About Cenzic, Inc.

Cenzic, Inc. is a leading provider of the next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic® Hailstorm® Professional and Enterprise ARC, the most accurate and extensible solutions in the industry, enable security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first Software as a Service (SaaS) to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.

Contact Information