Analytics
10/10/2012
03:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

nCircle Adds Significant New Features And Technologies To All Existing Product Lines

Holder of 10 patents adds significant new features and technologies

SAN FRANCISCO, CA -- October 8, 2012 -- nCircle, the leader in information risk and security performance management, today announced new technology innovations across every product line during the first half of 2012.

nCircle solutions protect the largest, most sensitive networks in the world. Its customers span all industry verticals, including financial services, government, energy and utilities, healthcare, and technology and retail. nCircle customers include Facebook, Salesforce.com, the U.S. Department of Agriculture, Humana, United Healthcare, News Corporation, Archer Daniels Midland, Vodafone and Fujitsu America, among others.

"Cyber security has never been more important than it is today," said Jim Acquaviva, vice president of product strategy for nCircle. "The continuing escalation of security threats is a major concern. Businesses of every size need comprehensive, continuous discovery and monitoring to protect every part of their networks against increasing threat levels. With 10 patents awarded and more pending, nCircle has a long history of industry-leading technology innovation. Over the last year, nCircle has significantly increased our technology investments to specifically meet these market changes."

nCircle Suite360

nCircle Suite360 is an integrated suite for continuous monitoring, discovery and auditing of the entire information technology stack across a global network. Suite360 products share a unified scan engine, common scoring methodologies, and centralized reporting and analytics. Suite360 includes IP360&trade for vulnerability management, WebApp360&trade for web application scanning, Configuration Compliance Manager (CCM)&trade for configuration auditing and file integrity monitoring, and Suite360 Intelligence Hub&trade for IT governance, risk and compliance (ITGRC) reporting and analytics.

Recent highlights for Suite360 include:

nCircle Configuration Compliance Manager added support for Microsoft Exchange 2007, CIS Exchange 2007 Policy, Solaris 11, updated DISA/STIGS support for RedHat Enterprise Linux and Windows Server 2003 and expanded PCI policy support.

nCircle WebApp360 expanded coverage in every OWASP Top Ten category, added client-side web application library detection, including the detection of third party JavaScript libraries, and introduced Javascript link spidering and automatic detection of virtual hosts.

nCircle IP360 now includes RSA key scanning, improved database performance, and significantly faster vulnerability check updates. IP360's VMware-based virtual Device Profiler, the Device Profiler Ev, has also been updated with significantly increased vulnerability scan performance.

nCircle Vulnerability and Exposure Research Team (VERT)

In the first half of 2012, nCircle VERT delivered 28% more security risk detection coverage than all previous years combined, including 32% more vulnerability coverage, 18% more application coverage, 31% more operating system coverage, and 25% more configuration policy coverage. nCircle delivers the broadest and deepest security coverage in the industry, ensuring that assets on customers' networks are accurately identified, assessed for vulnerabilities and audited for compliant configurations.

Recent highlights for nCircle VERT include:

Suite360 now audits for 70,000 vulnerabilities, applications, operating systems and configurations, including complete coverage for Oracle RDBMS, CentOS, Apple OS X and Juniper.

nCircle's vulnerability and exposure research team (VERT) released the Patch Priority Index&trade, a free, publicly available and extensively researched list that global IT security teams can use to effectively prioritize the most critical vulnerabilities for immediate remediation. The PPI is updated monthly to provide security teams the quickest, most efficient path to a more secure network.

Suite360 coverage has expanded to include SCADA systems and devices that manage and control critical infrastructure, including Rugged Operating Systems, GE Industrial Systems, Arbiter, GE RTU, Schweitzer Engineering Laboratories and Lantronix.

nCircle PureCloud&trade

nCircle PureCloud, the first true SaaS vulnerability scanning solution in the industry, provides customers with a comprehensive vulnerability management solution that requires no hardware or software to be installed and managed. nCircle PureCloud dramatically reduces the cost and complexity of vulnerability scanning -- a widely recognized security best practice among large corporations – making the practice easily accessible to small and medium business.

Recent highlights for nCircle PureCloud include:

nCircle PureCloud, launched in January 2012, now has over 4,000 users.

The introduction of PureCloud Enterprise -- designed to scan the "extended enterprise" where hardware and software installation is too costly or impractical, such as business partners, merger and acquisition targets, employee home offices, and corporate network perimeters.

The nCircle PureCloud PCI Scan Service was successfully recertified as an Approved Scan Vendor (ASV) by the Payment Card Industry Security Standards Council, using the most recent and most stringent version of the PCI Data Security Standard (PCI DSS).

A new partner portal and managed services API that enables partners to operate as an MSP and completely integrate PureCloud into their existing services, products or portals. Additionally, the API enables the seamless integration of PureCloud functionality into a wide range of third-party products, including single sign-on capabilities that enable partners to run immediate scans in response to immediate threats. Partners are also able to integrate PureCloud reports into reports from other tools to provide users with remediation guidance.

New PureCloud pricing and features specifically tailored to meet the needs of security service organizations and consultants.

nCircle Benchmark&trade

nCircle Benchmark is the first solution that provides standardized measurement of security performance, enabling customers to clearly communicate how well their information assets are secured and to compare their performance with industry peers.

Recent highlights for nCircle Benchmark include:

Over 1,000 companies around the world have joined the nCircle Benchmark community.

A new Enterprise Scorecard pack that provides a fully customizable C-level view of the extensive collection of available Benchmark metrics and scorecards, enabling organizations to communicate security performance in the context of business initiatives. The Enterprise Scorecard Pack is designed to provide chief information security officers (CISOs) with a continuously up-to-date board of directors presentation of the company's security performance.

nCircle Benchmark's new Scorecard Pack for Identity and Access Management provides users with accurate, independent assessments of the performance of critical identity and access management controls that can be tailored to each organization's business goals, reporting structure, locations, asset groups and risk categories.

nCircle Benchmark Quartiles enables security executives to accurately gauge the performance of each discipline in their security program and communicate performance relative to their peers. nCircle Benchmark Quartiles helps CISOs around the world answer the question: Are we properly invested and resourced to best protect the organization?

nCircle Benchmark's new CIS Scorecard Pack provides a reliable, automated way to measure and compare a customer's internal security controls with the Center for Internet Security (CIS) benchmarks.

"nCircle's success in a crowded market is in large part due to our ability to help our customers protect their networks in the face of an ever-changing threat environment," said David Meltzer, chief technology officer for nCircle. "From accelerated delivery of new security content that expands existing products capabilities to discover and accurately assess new devices, applications and threats, to completely new cloud services to help enterprises scan network areas that are impractical to reach with existing technologies, nCircle is constantly innovating. Thousands of businesses worldwide rely on nCircle products to help keep their networks secure. Our engineering team takes great pride in the innovation and quality we deliver and the critical role our products play in keeping these businesses secure."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web