By Joel Snyder
Information Security, April 2003
Article on Information Security Web Site
Many vulnerability analyzers are plagued with weak data management capabilities. Preventsys wants to solve that problem and simultaneously enable network managers to use the information from vulnerability analyzers to continuously audit their networks.
Preventsys 1.0 brings three components together. First, Preventsys launches and manages network vulnerability scanners. Second, it gives network managers a laboratory for defining security policy. Third, it unifies reporting and tracking tools that compare VA scan results with security policy.
Preventsys starts by attaching to existing vulnerability analyzers (Internet Security Systems' Internet Scanner and the open-source Nessus are supported, along with some custom 802.11b tools). Once in place, the vulnerability scanners are controlled and updated, and their results collected, by Preventsys. The system normalizes incoming results into a standardized, XML-based format and stores them in an audit database.
Preventsys' policy laboratory contains a library of policies, provided on a subscription basis by Preventsys and augmented and modified by network managers as needed. Policies are written using the proprietary "Policy Definition Language" (PDL), based on XML Stylesheet Language (XSL).
The real value of Preventsys comes in the analysis of the normalized data. It can prepare reports showing where a security policy isn't being met, generate alert messages and can keep and track a list of tasks required to remediate policy failures.
Policies help to both narrow and define the results of vulnerability scans. For example, a policy might say, "A SQL Server is only a problem if it's not behind a firewall." Or, "A wireless access point without WEP is a problem." Preventsys policy definitions also can be used to help predict the effects of network changes. For example, it can diagnose what systems would have to be patched or updated if you were to change your firewall to allow instant messaging traffic.
By giving network managers the ability to manage the reams of data generated by vulnerability analyzers, Preventsys can turn the analyzer into a tool that ensures corporate security policies are actually turned into practice.