Computer Associates International Tuesday detailed products and services to couple vulnerability assessments with patch deployment and management.
ETrust Vulnerability Manager Version 8 now includes the company's Unicenter Software Delivery application packaged on an Intel appliance with CA's eTrust vulnerability assessment software. CA last year announced it would deliver its vulnerability scanning software on an appliance, and now the company has integrated its software distribution product into the offering.
"Only boutique companies were offering patch management and software distribution in one product," says Rick Ptak, principal and founder of Ptak, Noel & Associates. "CA, as a major vendor, has the capabilities in both security and management."
Once plugged in to the network, the box automatically scans desktops, servers and other machines for known vulnerabilities and scores the network in terms of its security. The assessment scan determines what machines needs to be patched as well as which are not in compliance with pre-defined policies, desired configurations and industry regulations. Also based on policies set by the security or network administrator, Vulnerability Manager can automatically deliver patches to vulnerable machines or lock them out of the network, CA says.
Also new is eTrust Managed Vulnerability Service, a managed service that provides customers with round-the-clock alerting, escalation and vulnerability monitoring along with the features of the stand-alone product. Customers access the vulnerability product via a CA portal from which they can monitor trouble tickets, review patches deployed, see vulnerable machines, view audit information and generate reports.
Russell Artzt, CA executive vice president, says the company wanted to provide the security expertise and processes with the technology, but also wanted to allow customers control.
"We are calling it a co-managed service because the customers is involved on every level," Artzt says.
Up-to-date information on known patches and potential vulnerabilities is provided by CA staff at the vulnerability operations center. A vulnerability scan can alert staff to a worm or virus breaching network security, and the patch management software will automatically tell CA and its customers what machines are at risk.
For Jamie Slee, technical analyst at The Open University, a provider of distance learning to 200,000 students, purchasing the patch and vulnerability technology as a service helped his company monitor and protect its networks. He says CA reduced the number of hours it took the university to determine what needed to be patched and to apply the patches.
When the Sasser worm broke out, Slee says CA informed him of 148 potentially vulnerable machines, four of which were not patched. Working with CA, The Open University was able to patch three and take one off the network before the worm hit.
ETrust Vulnerability Manager supports Unix, Linux and Windows. The appliance is available now, and pricing starts at US$9,500. ETrust Managed Vulnerability Service is also available now, and pricing starts at $80 per node per year for 5,000 nodes.