PentaSafe aims to plug OS security holes

PentaSafe, a developer of security auditing software, is moving beyond its AS/400 roots
Written by John S.McCright, Contributor on

PentaSafe will next week announce new versions of its software for identifying operating system security holes in Unix, Linux and Windows NT systems.

The company's VigilEnt auditing software sends out agents that reside on all the servers across a network and report back to a central console. VigilEnt, in conjunction with other PentaSafe software, enables IT managers to query the agents and create 165 reports on such things as the names of users on the network or the characteristics of all the valid passwords on it.

The software, which enters general availability next week, will be priced at $750 (£465) per Windows NT agent and $1,500 (£930) per Unix agent. PentaSafe is also developing an agent for Windows2000, but officials wouldn't say when it is expected to ship.

In addition, PentaSafe next week will introduce new agents that work with Apache and Netscape Web servers to protect against hackers. The VigilEnt software in this case monitors the state of the Web servers from the safety of a mirrored server; when an unauthorised change is made to a Web page, it is automatically reverts to its original state, according to Doug Irwin, PentaSafe's president and chief executive.

Also next week, PentaSafe will announce partnerships to integrate its software with BEA System's Tuxedo transaction software and Red Hat Software's Red Hat Linux. VigilEnt, which will ship as part of the next Red Hat Linux operating system upgrade this summer, won't work across all the servers on a network, as it will with Unix and Windows NT. Instead, the PentaSafe software performs security audits on each individual Linux server one at a time, Irwin said. "Our Linux products are still based on individual servers," Irwin said. "That is a market play, so Linux users will have a good experience and use VigilEnt when they eventually build Linux-based networks.

"Our main goal is to secure the digital economy," Irwin said. "As you move into B2B auditing, you can no longer do it after the fact. You need to monitor these hundreds of transactions as they are happening -- who is moving what on a real-time basis."

Although PentaSafe software can't do real-time security audits, it does what the company calls "active auditing". "Later this year or early next year we'll build an electronic security plan [that] would spread out over the network and do real-time auditing," Irwin promised.

What do you think? Tell the Mailroom and read what others have to say.

Editorial standards