Risk
12/5/2012
04:24 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Critical Watch Announces Interoperability With HP Enterprise Security Products As Participants In HP's Partner Program

Collaboration will enhance interoperability between Critical Watch ACI Recommendation Engine and HP Fortify

DALLAS, Texas – December 04, 2012 – Critical Watch, the innovator of Active Countermeasure Intelligence (ACI), today announced its participation in the HP® Enterprise Security partner program, supporting interoperability with HP technologies to create a more secure business environment for today's enterprise. This collaboration will enhance interoperability between the Critical Watch ACI Recommendation Engine&trade and HP Fortify.

This intelligence is continuously being advanced by the Critical Watch&trade Basecamp Labs&trade research team, which builds custom expressions to add contextual data to incidents generated by risk detection technologies so these intelligent countermeasure recommendations can be made.

"Our interoperability with HP Fortify will greatly enhance the delivery of our ACI Platform," said Audian Paxson, director of product management at Critical Watch. "This reflects our commitment to working with today's industry leaders in improving enterprise security."

A recent report by the 451 Group highlights the capabilities of the ACI Platform&trade that will support offerings from HP and benefit mutual customers: "A vulnerability may exist in the Web layer, but the most appropriate countermeasures may exist within the network layer or in the data layer. Knowing how disparate different support teams can be within some organizations, this adds a degree of cohesiveness to overall operations that has generally been lacking. This intelligence can lead to better risk decisions, and as a result the value lies in an increased ability to orchestrate the security process from detection through to mitigation."

Finding and understanding system vulnerabilities is just the first step in countering threats, as customers need critical information about which vulnerabilities should be fixed," said Michael Callahan, vice president, product solutions marketing, HP Enterprise Security Products. "The interoperability with Critical Watch allows us to provide the security intelligence necessary to make the right risk decisions about today's threats."

About ACI Platform&trade

The ACI Platform&trade is the first technology that combines risk data from a variety of sources throughout the data stack and recommends and initiates security countermeasures to mitigate those risks. It complements existing security intelligence gathering solutions to provide a complete picture of risk-correlated countermeasures.

About Critical Watch&trade

Critical Watch is the innovator of ACI Platform&trade – a next generation information security technology that combines comprehensive risk intelligence with active mitigation. Critical Watch clients are Global 2000 enterprises across verticals such as healthcare, financial services, state and local government, ecommerce, and manufacturing.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.