TippingPoint Measures Risk

TippingPoint is teaming up with Digital Defense to offer a new security service that includes vulnerability assessment, penetration testing, and workflow vulnerability management, Dark Reading has learned.

The new service, TippingPoint Managed Network Security Assessment Service (MNSAS), will debut on Monday and is aimed at customers that want to outsource the risk management operations and assessment elements as they seek to comply with Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act (HIPAA).

Don Ward, vice president of services for TippingPoint, says the new service adds a missing element in TippingPoint's existing intrusion prevention system technology: a way to report on an organization's compliance posture.

"Managed security services are showing a trend towards compliance management in addition to the traditional services offered in the past: firewall, IDS/IPS, etc.," says Rob Ayoub, industry manager for network security at Frost & Sullivan.

MNSAS, which builds on Digital Defense's risk assessment tools plus its Frontline service portal, identifies security issues that go beyond the IPS' signature-based vulnerabilities. "It identifies them and [you can] reset filters in your IPS to log or block specific types of traffic to stay in compliance," Ward says. The service also provides Web-based compliance reporting.

"We see a much broader opportunity in our service space [here]," he says. Among other things, the service differs from other managed security services in that it can be used by small- to medium-sized businesses, Ward says. TippingPoint also offers pure managed security services in an alliance with BT Counterpane.

IPSes are a natural fit to the compliance equation, Frost & Sullivan's Ayoub notes. "TippingPoint's core competency is IPS, and I don't see that changing." But the new service is another example of how TippingPoint is evolving its expertise in vulnerability research, he says.

Larry Hurtado, president and CEO of Digital Defense, says the new service is his company's first such alliance. "We're looking for greater degrees of integration in the future" with TippingPoint's technologies, he says. Hurtado says Digital Defense got its start by working with firms in the heavily regulated financial industry.

The two companies have already been working together with customers such as the University of North Florida, which last year hired the two to analyze its security architecture. TippingPoint's Ward says the UNF project sped up the rollout of the new security service offering.

Pricing for the new TippingPoint service is based on the number of hosts in an enterprise. According to TippingPoint, that would start at around $750 a month for a small enterprise of 500 hosts that opts for quarterly internal and external vulnerability assessments, and $1,500 per month for monthly assessments.

— Kelly Jackson Higgins, Senior Editor, Dark Reading