Verisign brings security profiling to Europe

Infosecurity 2006: Large UK companies can now use Verisign's Secure Risk Profile Service for help in keeping their networks patched and protected

On Tuesday, Verisign launched a service to help large European companies keep their networks and systems secure.

Secure Risk Profile Service was first unveiled in the US last month, and is now available to companies across Europe. Verisign says a firm can use the product to work out exactly which vulnerabilities are a serious threat to its infrastructure. It can also visualise the impact of a major change in the IT system — perhaps through the acquisition of another company.

"Companies typically have separate teams for patching, change management and event monitoring," said John Ferguson, Verisign's director of product strategy. "Because they're in different silos, individual teams can't have complete context about whether a vulnerability is an issue outside their remit, or in another part of the organisation."

Vulnerability management products, which tell companies when a new flaw affects their products, are commonplace today, but Ferguson insisted that Secure Risk Profile Service offers more.

"We have built network context on top of vulnerability management," Ferguson said.

In practice, this means that the product will have an understanding of how the various IT components within a company fit together. Verisign says that it can work out which vulnerabilities need to be patched on which systems, by tracking how servers, applications and databases are interlinked.

Ferguson claimed that the product could take 1,000 vulnerabilities and work out which 50 a company actually had to address.

Secure Risk Profile Service will be offered as a managed service, at a price that varies depending on the size of a company's network. Ferguson suggested that it could cost around $100,000 (£55,000) a year for a large company with up to 100 network assets to protect.

At that price, the service will be targeted at large companies and organisations, especially those in sectors such as finance and healthcare, which have critical data that must be kept secure.