COMPUTER BUSINESS REVIEW

Critical. Authoritative. Strategic.

TECHNEWS

CBR is proudly produced & published
by Technews
www.technews.co.za
Issue Date: August 2000 (es)

European communities trends

1 August 2000

To help organisations identify security vulnerabilities in their infrastructure, Mercury Interactive, a provider of enterprise testing and application performance management solutions, has introduced ActiveTest SecureCheck, the industry's first hosted security testing service.
Graeme Allcock, Sales Director for Mercury Interactive in South Africa, says ActiveTest SecureCheck measures the impact of a heavy user load on firewalls, web security systems, intrusion detection systems (IDS) and critical business components, giving customers the real-life view of their site's vulnerabilities. It also provides the ability to simulate denial of service (DoS) attacks to assess the vulnerability of infrastructure and application components.
"Through thousands of load tests conducted with ActiveTest, the company's hosted load testing service, Mercury Interactive's testing experts have tested a variety of infrastructures, seen the effect a heavy user load can have on security systems, and have helped companies validate the performance of their security components," he explains.
Mercury Interactive has licensed security scanning technology from Qualys, a leading provider of enterprise network vulnerability assessment and monitoring solutions, and combined it with the powerful load generation capabilities of ActiveTest to deliver the first security testing service. With Hailstorm, a product from ClickToSecure, ActiveTest SecureCheck adds to its potent repertoire of DoS simulations including buffer overflows, SQL, and DoS attacks targeting specific applications and infrastructure components.
"ActiveTest SecureCheck is the only service available to address all the necessary components to ensure a protected website, from DoS simulation to on-line vulnerability testing" says Phillipe Courtot, Chairman and CEO of Qualys, the leading provider of security scans. "We are pleased that the established leader in load testing has integrated Qualys' QualysGuard Online Vulnerability Scanning as a key part of its unique and proactive solution to a critical business problem."
Mercury Interactive is teaming up with network reliability companies, like Asta Networks, focused on solving the DoS problem, and with security services providers like Guardent, specialised in managed services for enterprise security and privacy programs, to assist companies in implementing the necessary changes to tighten security. In addition, it is enabling its network of solution providers to offer security testing in their customer engagements. Initial solution providers who will utilise Mercury Interactive's security testing service include EYT and Deloitte Consulting.
For details contact Graeme Allcock of Mercury Interactive South Africa on tel: (011) 802-1011 or e-mail: graemea@merc-int.co.za
Security solutions: the need for performance testing
Companies often assume their infrastructure is secure because they have gone through the process of setting up firewalls, Intrusion Detection Systems and other security measures. Without thorough testing, a company cannot be sure that its firewalls, IDS and/or applications will maintain their secure status under a heavy user load or under a DoS attack. With ActiveTest SecureCheck, companies can proactively determine how their security systems will perform under adverse conditions, and rectify any vulnerabilities.
"Special promotions, events and holidays often lead to huge increases in site traffic," says Theresa Lanowitz, Research Director at Gartner. "The impact of added stress on a company's infrastructure can have a detrimental effect on the security measures that have been implemented.
"Companies must identify holes in their system and address them before it impacts their customers or their bottom-line."
New security testing suite pinpoints possible security breaches
* Network Discovery Scan - Used to detect machines outside the firewall. This scan produces a graphical map of all machines visible - and possibly accessible - to the outside world or across a range of IP addresses.
* Infrastructure Vulnerability Scan - Performed before, during and after load scenarios, this scan gauges the effects peak traffic conditions have on all security services and software components accessible via the Internet.
* DoS Attack Simulation - Targeted at key infrastructure and application level components, these simulated attacks are launched from load farms throughout the world and enable the ActiveTest SecureCheck team to gauge a server's susceptibility to a DoS attack. Examples of DoS scenarios include DNS attacks, SYN floods, FIN and smurf floods, HTTP connection blocking and bandwidth saturation and session floods.
* IDS Limits Scan - This security scan helps validate performance of the IDS and determine its reliability under heavy network traffic. Upon completion of these tests, ActiveTest SecureCheck experts send the customer a detailed report of their findings and schedule an in-depth discussion where they offer suggestions to help fortify the applications against possible security breaches.


Others who read this also read these articles

Search Site





Search Directory

  • Search for:





Subscribe

Previous Issues