NCircle protects against exposure
- Article 60 of 77
- Information Age, January 2003
NCircle claims its IP360 can provide a constant assessment of security threats to a company network.
NCircle's IP360 will not protect a network from hacker attacks. It cannot scan emails for viruses. And unlike other security devices, it does not secure a network itself. Instead, it creates security awareness. By monitoring devices, applications, network traffic and even business processes, it tries to detect intrusion attempts and potential security flaws in the IT infrastructure. It then advises where and how to plug the holes.
Founded in 1998 as Hiverworld by John S Flowers, the former chief Internet security architect at energy company UtiliCorp United, the company originally provided security auditing and penetration testing to Fortune 500 companies. But with the release of IP360 it adopted the name nCircle to emphasise its 'holistic security' approach.
Rather than just trying to ensure a company can withstand an attack by implementing firewalls and other security equipment that may be breached when the attack comes, the approach includes a number of preventative and monitoring processes so that security is constantly being checked as devices and applications on the network change. It can warn administrators when possible flaws are located on the network, how to fix them and even automatically assign security maintenance tasks to staff. It also regularly downloads details of newly unveiled vulnerabilities from nCircle systems to keep its vulnerability probing up to date.
The approach, labelled Network Exposure Management by nCircle, has some solid fans. The company has attracted $34 million in capital from a group led by Menlo Ventures and has garnered interest for its product from financial services companies such as Visa and California-based bank Patelco Credit Union. Patelco says that within the first week of operating IP360 on its internal network, the device had found several internal systems that needed security upgrades - something that would have taken a full-time security engineer a month. “It paid for itself in a week,” says Patelco.
At $150,000 for a typical installation, IP360 may be too expensive for many organisations. But enterprises with significant levels of exposure will find that price tag cheap.