nCircle Enables Critical Utilities Compliance with New NERC CIP Configuration Auditing Policies

PRESS RELEASE

SAN FRANCISCO, CA — December 03, 2008— nCircle, the leader in automated security and configuration auditing solutions, today announced new security and configuration policies designed to help electric utilities comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards. Mapped directly to the NERC CIP standards, these policies help utilities with critical infrastructure, to automate previously manual and time consuming audit tasks, reduce security risk and achieve compliance with the NERC CIP standards.

Reliability is the number one concern for the electric utility industry, and the effect of Internet connectivity on the security of our critical infrastructure has created additional complexity and challenges. NERC addressed these challenges by creating the Critical Infrastructure Protection (CIP) cyber security standards, providing a way to consistently audit electric utility organizations for cyber security weaknesses. nCircle's solutions deliver automated, agentless configuration and policy auditing, vulnerability assessment, and actionable reporting for NERC CIP compliance. The new policies enable utilities to continuously audit the configurations of their critical infrastructure and easily identify deviations from the NERC CIP standards. "nCircle continues to develop new solutions enabling our customers to audit their IT assets automatically, continuously and consistently," said Tim Keanini, CTO, nCircle. "Our new NERC CIP policies expand on nCircle's already industry-leading coverage, simplifying NERC CIP compliance processes and ensuring the reliability of the critical utility infrastructure." The new policies are delivered in nCircle Configuration Compliance ManagerTM, nCircle's agentless configuration auditing solution that automates configuration auditing, change monitoring and compliance processes. In addition to the new NERC CIP policies, Configuration Compliance Manager also supports a port scanning mode specifically for highly sensitive devices, such as Supervisory Control And Data Acquisition (SCADA) systems. This unique, non-intrusive and lightweight approach is ideal for these critical utility systems. nCircle is hosting a webinar entitled "Addressing NERC CIP Compliance Challenges" on December 11, 2008. To register, visit http://www.ncircle.com/index.php?s=resources_webinars_utilities.

About nCircle Suite360 nCircle provides the world's most comprehensive suite of solutions for agentless security risk and compliance management. nCircle's solutions combine the broadest discovery of networked systems and their operating systems, applications, vulnerabilities and configurations with advanced analytics to help enterprises reduce security risk and achieve compliance. nCircle's solutions includes IP360 for vulnerability and risk management, WebApp360 for web application vulnerability auditing, Configuration Compliance Manager (CCM) for configuration auditing and file integrity monitoring, Certified PCI Scan Service for on-demand self-service PCI scanning, and Security Intelligence Hub for IT governance, risk and compliance (ITGRC) reporting and analytics.

About nCircle nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,000 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.