In an effort to move from distributor to developer, infrastructure software provider Sunbelt Software has released an upgrade to its Sunbelt Network Security Inspector (SNSI) vulnerability assessment (VA) tool.
Industry observers said the Clearwater, Fla.-based vendor is aiming to take advantage of one of the few areas where companies are willing to invest: security.
SNSI version 1.6 scans for vulnerabilities in Windows platforms and systems running Sun Solaris, HP-UX, Red Hat Linux and Mandrake Linux and SuSE Linux, as well as Cisco routers and HP printers. The new edition adds more informative scan results and additional reporting capabilities.
One of a network manager's primary tasks is often to ensure network security, and, according to Sunbelt founder Stu Sjouwerman, a layered network defense strategy is vital.
"Firewalls are one thing, but by themselves they don't cut it," Sjouwerman said. "Administrators find out what their network vulnerabilities are via vulnerability assessment tools."
Vulnerabilities encompass problems such as buffer overflow, configuration issues and protocol flaws. VA tools were developed to scan network systems for those vulnerabilities.
Though some network administrators may question the need for a third-party VA product beyond the router management software that accompanies Cisco gear, Sjouwerman said Cisco's router management software and third-party network security software are two different animals.
"Router management software is not built to test for vulnerabilities," Sjouwerman said. "They try, but they just can't get their software secure enough." He said that's why it's important to have a product that can look at a network's weak spots from the outside.
Laura DiDio, a Yankee Group senior analyst, said SNSI and other comparable products are only necessary when there is a demand for interoperability, such as needing to open up a network to business partners, customers, or suppliers.
"SNSI is aimed at enterprises rather than a small-scale SMB," DiDio said. "It gives you a lot more granularity in terms of the way you can configure the security, alerts and the things that it monitors for."
When choosing network security software, the small and medium-sized business (SMB) market should consider technological granularity and ease of use, according to DiDio. She said SNSI exudes both qualities well and fares favorably in the current marketplace.
According to Sjouwerman, the VA tool market is segmented into four basic categories:
Sjouwerman said Sunbelt recently partnered with Harris, a $3 billion defense contractor responsible for building the STAT database for federal government defense agencies. Harris and Sunbelt developed a licensing agreement to use the SNSI along with the STAT database.
He also said the deal proves that it's possible to offer a military-strength VA tool for $1,495, a fraction of the price of high-end commercial products. He said the price is significantly lower because it is licensed by an administrator, instead of an IP address or the number of devices being scanned.
Sjouwerman said his company made the transition from distributor to developer because it eliminated the need for another vendor's tech support.
He added, "And frankly, you have better margins and it's much more interesting to be a software developer than a software distributor."