Cenzic Offers Full Suite of Solutions to Meet Web Application Security Needs for Any Size Company

WebKnowHow
Thursday, December 14, 2006; 05:00 AM

Cenzic, Inc., a leading provider of automated application security assessment and compliance solutions, today introduced two new products to protect small enterprises from hackers. Hailstorm® Starter and Hailstorm Core are based on Cenzic's award-winning Hailstorm technology and deliver security assessment solutions for smaller enterprises. This announcement, coupled with the recent introduction of Hailstorm Enterprise ARC (Application Risk Controller)™ for large enterprises, rounds out Cenzic's complete application security assessment solution and makes Cenzic the only company in the industry to offer a complete suite for enterprises of all sizes.

Protecting web applications is becoming a major pain point for enterprises of all sizes. Whether it's a small company doing business online or a large company handling all their customer transactions, web front-ends have become a must for businesses. Due to the open nature of web sites, hackers are exploiting the same interfaces that consumers use to exploit code to steal confidential information, Intellectual Property, or transfer money illegally. With the holiday online shopping at an all time high and about 95% of websites with none to minimal security, consumers need to be careful about what information they provide online. According to a recent Symantec Threat Report, 59% of the total vulnerabilities relate to web applications. In a recent CSI/FBI report on security, almost 100% of respondents had some kind of web incident, with 59% of respondents citing more than 10 incidents.

"Most companies today, large or small, have some type of presence on the Web. However, if customers can access their Web applications, so can hackers," said Neil MacDonald, Vice President and Distinguished Analyst for Gartner. "These applications need to be scanned for vulnerabilities, but the barriers to adoption of scanning tools can be high, especially when resources are tight. Better-automated, lower-cost tools are needed as well as web application scanning as a service to augment -- or in lieu of -- their own staff performing the scanning."

Cenzic Hailstorm software solutions and Cenzic ClickToSecure Managed Service (SaaS) offerings are the only solutions using a Stateful Assessment™ approach that emulates a hacker, providing the most accurate results along with the most flexibility to configure the product. Unlike signature-based scanning approaches used by other offerings in the market, Cenzic's unique and innovative approach provides organizations of all sizes with the most comprehensive application and security assessment solution available. Cenzic's complete family of products includes:

--  Hailstorm Starter - Hailstorm Starter is a simplified product based on
    the technology of Hailstorm Enterprise. It supports instant and interactive
    assessments for small Web sites, including a SmartAttack™ to reveal
    cross-site scripting vulnerabilities.
    
--  Hailstorm Core - Hailstorm Core provides high quality of results for
    assessing applications by testing commercial and custom web applications
    against best practice security policies, testing and monitoring
    applications for commonly known vulnerabilities such as SQL Disclosure, SQL
    Error, Cross-site scripting, web server version, and Buffer overflow. It
    also allows users to build security into web applications as they are being
    developed, greatly reducing the cost, risk, testing, and time to market.
    
--  Hailstorm Professional - Cenzic's award-winning flagship product,
    Hailstorm Professional enables security experts, QA professionals, and
    developers to work together to assess, analyze, and remediate applications
    for security vulnerabilities. Hailstorm benefits include reduced security
    risk and liability, lower development and testing costs, and faster time-to-
    market. Interested companies can download Hailstorm at
    http://www.cenzic.com/products_services/download_hailstorm.php.
    
--  Hailstorm Enterprise ARC (Application Risk Controller) - Hailstorm
    Enterprise ARC provides automated security assessment of custom and
    commercial web applications and works throughout the software development
    lifecycle (SDLC) -- whether in development, QA, or operations -- to help
    find and remediate security vulnerabilities, guide enforcement of internal
    security policies and support regulatory compliance. With its dashboard
    views of applications, departments, business units, security and compliance
    executives are armed with real-time status of the enterprise and the
    ability to launch and test any application. The product also provides the
    industry's first and only quantitative score called HARM (Hailstorm
    Application Risk Metric).
    
--  ClickToSecure™ Managed Service - ClickToSecure is the industry's
    first Software as a Service (SaaS) to combine the power of an enterprise-
    class application security assessment product with the flexibility of a
    managed security service.
    
--  Cenzic Assessment Methodology - Assessment Methodology completes the
    solution with a state-of-the-art business process consulting service to
    help customers improve their existing application security methodologies
    and raise application security awareness in the company.
    

Each of these solutions includes assessing, analyzing, and resolving security vulnerabilities, throughout the software development lifecycle (SDLC) and helping in compliance with regulatory standards; Cenzic's pre-crafted SmartAttack™ library, which enables enterprises to run tests out-of-the box to find vulnerabilities in all web applications as well as enforce internal policies; and the company's integration to leading Q.A. tools, Source Code Scanning, Application Firewall, and other security solutions, giving enterprises the ability to easily address security issues as an integrated process. In addition, through its lab, CIA (Cenzic Intelligent Analysis) Research, Cenzic provides companies with ongoing and frequent updates to its SmartAttack library for the latest vulnerabilities and threats to stay ahead of the curve.

"Cenzic works with companies of all sizes through its software offerings, managed service, and CIA Lab that specializes in continuous research into application vulnerabilities," said John Weinschenk, CEO and President of Cenzic. "Through our work with thousands of customers, we realized that all applications need to be protected, however the level of sophistication required in an assessment tool varied depending on the number and size of applications delivered by a given company."

About Cenzic

Cenzic, Inc. is a leading provider of the next-generation enterprise software and a leading Managed Service (SaaS) offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. With its flagship Hailstorm product line that includes Hailstorm® Starter, Hailstorm Core, Hailstorm Professional, Hailstorm Enterprise ARC (Application Risk Controller)™ and the ClicktoSecure™ managed service, Cenzic is the only company in the industry to offer a complete application security assessment suite for enterprises of all sizes. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.