
Cenzic Hailstorm® Plus - A Total Solution
Turnkey Security Assessment and Management for Web Applications
The quick, accurate and trustworthy approach to application security management
With over 75 percent of hacker attacks coming through applications (Gartner), companies are realizing that they need to act immediately to protect their assets, the privacy of their customers, and the reputation of their Web sites as safe places to do business. But finding a solution that's fast, reliable and cost-effective over the long term isn't easy. At Cenzic, we believe that technology alone will not meet these criteria. With that belief, we've developed a turnkey approach to securing Web applications that combines three critical components for success: an assessment methodology, an initial assessment via our software as a service to jump-start the process, and the most accurate product in the industry for cost-effectively maintaining security into the future.
Key Benefits
- Quickly secure applications by leveraging Cenzic's resources and software as a service offering
- Implement a proven application security methodology based on Cenzic's years of experience helping high profile companies secure mission-critical Web applications
- Meet all your needs for attack resistance, regulatory compliance and conformance with internal security policies using a single source
Assessment Methodology
The Cenzic Assessment Methodology Service is designed for organizations with Web-based applications that communicate with a back-end database. Cenzic consultants employ a four-step approach to get organizations focused on best practices for application security:
- A detailed examination of vulnerabilities
- An assessment of security policies and procedures
- Remediation recommendations
- Mechanisms for ongoing process improvement
This approach delivers rapid results and builds the foundation for a successful application security management program based on best practices rather than trial and error.

Cenzic's turnkey approach to securing Web applications
Cenzic ClickToSecure™
ClickToSecure is a software-as-a-service offering, available on a per-assessment or scheduled basis, that accesses applications remotely and, using Hailstorm, automatically assesses attack resistance, regulatory compliance and potential security flaws in application logic. Cenzic experts perform the service, thus minimizing the resources and investment required from the enterprise. Deliverables include thorough reports on security and compliance issues, remediation recommendations and methods for process improvement.
Cenzic Hailstorm
Cenzic Hailstorm can be licensed on an annual subscription basis to provide automated security assessment of custom and commercial Web applications. Key benefits include:
- Patent-pending Stateful Assessment™ technology to maximize detection of vulnerabilities while minimizing false positives
- The SmartAttack™ library, consisting of hundreds of attack objects that can be used enterprise-wide to test thousands of vulnerabilities in Web applications
- Centralized architecture, capable of supporting the most broad-based deployments, to enable global sharing and collaboration
- Multiple reporting options, including management dashboards to provide snapshot views of vulnerabilities, enable quick responses and optimize allocation of resources
Hailstorm can be used at any stage of the application lifecycle from requirements through production. At the front end, individuals from the information security group can define the testing process by choosing from existing attack objects in the SmartAttack library, modifying them, or writing custom objects. These objects can subsequently be used by developers or Q.A. personnel enterprise-wide in a globally dispersed, collaborative environment.
Management Dashboard to View Results and Trends
The information from Hailstorm is available in a variety of forms. A management dashboard provides a snapshot view of vulnerabilities, as well as trend information. In addition, more detailed, role-based reports are available at the executive, manager and technical level. These reports can be exported to a variety of formats, including PDF, Microsoft Word and Excel documents, rich text, and Crystal Reports from Business Objects.