Scanning tool addresses flaws on firms' networks

Centennial tool scans corporate networks for security flaws

Centennial Software has made available a tool to scan company networks for security flaws in desktops, applications, and network infrastructure such as Cisco routers. The software is designed to help administrators identify the most pressing vulnerabilities needing attention.

Security.Advisor is available now as an add-on service to Centennial's Discovery asset management tool. It takes the data produced from a Discovery network audit and compares it with an online database of threats maintained by Centennial. IT staff receive a report that lists which systems need patching.

"Our effort in keeping the online database up to date is the real differentiator. This is the first tool to combine discovery with an online feed, " said Centennial's vice-president of marketing, Matt Fisher. The online database contains patch information from Microsoft and other firms, plus it rates the severity of each vulnerability.

"Security.Advisor can say how many copies of Internet Explorer have not been patched and how many Windows systems have not been updated with the latest service pack," said Fisher. Crucially, the tool checks after an update to see if patches have been properly applied.

Another side of the tool is that it can highlight desktop software that may not have been authorised by the IT department. This so-called "greynet" software is not blacklisted, because it is up to an administrator to decide which applications are allowed or not, Fisher said.

Security.Advisor costs £1.76 per seat for 500 seats, while Discovery costs £17.60 per seat for 500 seats. Centennial has also released Discovery 2006 Feature Pack 1, which adds a handful of new asset management features.