@stake released @stake SmartRisk Analyzer, an automated solution that can identify security vulnerabilities in software applications. The solution goes beyond source-code analysis to identify security flaws. Developers can perform deep static analysis of the application binary code by mapping application-control and data-flow paths into a comprehensive security model. SmartRisk Analyzer lets developers find and fix security flaws early in the development cycle. The product enhances application security by mapping all control and data-flow paths. Following a range of propagation on all variables, SmartRisk Analyzer performs hundreds of risk-analysis scans on the model to identify hundreds of different types of security vulnerabilities. The software also generates Developer and QA Reports that rank, categorize, and prioritize security flaws by severity and highlight the root cause of the flaws in the original source code.
"It's important for developers to identify and fix security flaws early in the development cycle, but with security expertise in short supply and time-consuming manual secure code reviews prone to errors, there haven't been many cost-effective and reliable options," Chris Wysopal, vice president of research and development at @stake, said. "Technology that can automate the inspection process, peer deep into the application binary to find flaws, and help developers prioritize and act on vulnerabilities will provide a new level of quality assurance for software security."
SmartRisk Analyzer can help you minimize requirements for in-house security expertise because its analysis runs automatically and unattended without the need for manual test suite generation. The product scans for vulnerabilities that originate from unsecure or improper use of programming languages and standard libraries. SmartRisk Analyzer also inspects for vulnerabilities associated with the deployment platform on which the application runs. Contact @stake for pricing information.
BACKUP AND RECOVERY
Create System-State Backups
Quest Software released an enhanced version of Quest Central for Microsoft, a free administrative console with plug-in capability for Quest's Aelita ERDisk, which can create system-state backups for Windows 2003/XP/2000/NT computers remotely and across an entire network. ERDisk collects repair data efficiently and stores data centrally on a secure file server. You can then use a central console to recover data quickly after configuration-related problems or from unbootable systems. Quest Central for Microsoft now also supports more Active Directory (AD) objects so that you can create and manage contacts, containers, computers, organizational units (OUs), printers, shared folders, users, and groups. You can download Quest Central for Microsoft for free at Quest's Web site; pricing for ERDisk starts at $179 per server and $39 per workstation.
MKS released MKS Toolkit 8.7, a solution that lets you port scripts, source code, and working environments from UNIX to Windows. The comprehensive suite of scripting tools can help you automate tasks and improve user productivity and cross-platform interoperability. The new version provides gcc compiler support for migrating applications from UNIX or Linux to Windows. Other features include support for 64-bit platforms such as AMD64 and, when available, Pentium 64 and Xeon 64. The MKS Toolkit suite of products starts at $359.
Stop Unwanted Email Messages
Sybari Software announced Sybari Advanced Spam Manager 8.0, an antispam and content-filtering solution that incorporates the Mail-Filters SpamCure engine, multiple filtering methods, and spam signatures. The Mail-Filters SpamCure engine combines the Bullet Signature Database, which detects spammers and spam messages, and the Spammer Tricks Analysis and Response (STAR) engine, which neutralizes spammer methods. Advanced Spam Manager also features automatic creation of Advanced Spam Manager junk mail folders on the server for each email user. Advanced Spam Manager can evaluate multiple categories, including message, header, and traffic, and provides signature database updates on a per-server basis or centrally through the Sybari Enterprise Manager. Advanced Spam Manager is available as a standalone antispam solution at the gateway or as an optional integrated component for Antigen for SMTP Gateways and Antigen for Microsoft Exchange. Pricing is $17.25 for a 2-year renewable license for 250 users.
Manage Applications and Secure Access
http://www.tarantella.com, 831-427-7222, 888-831-9700
Tarantella released Secure Global Desktop Terminal Services Edition, a companion to Terminal Services. The software provides application management and secure access capabilities for Windows Server 2003 and Windows 2000 Server environments. Secure Global Desktop provides centralized management and control while maintaining security. You can meet the challenges of dispersed infrastructure and resources for any size of business in any location and provide access to whoever needs the information. Secure Global Desktop provides secure remote access to real-time information for mobile workers and branch offices, adds management capabilities to extend the efficiencies of server-based computing, and protects the IT investments you've already made. Secure Global Desktop provides native support for the RDP protocol to access applications. The product features a Web-based management console to centrally manage servers, applications, and users; a high-fidelity UniDriver to eliminate printer driver conflict; the ability to self-diagnose system functionality and user errors; application-usage metering capability; and comprehensive audit trails and logs. Secure Global Desktop licenses are available for free with the purchase of a 2-year maintenance agreement for $59.95 per user.
eIQnetworks released eIQ SystemAnalyzer, event-management software that provides automated rules-based collection, correlation, monitoring, and analysis of syslog and event-log data from enterprisewide and distributed Windows, Linux, and UNIX systems. You can use the software to identify vulnerabilities, threats, and attacks from within the network before a catastrophic event occurs. The software automatically collects and correlates system, security, application, directory service, file replication, DNS, Microsoft Internet Security and Acceleration (ISA) Server, Exchange Server, SQL Server, IIS, and print-server events. eIQ SystemAnalyzer provides a consolidated view of each system's status sorted by event severity. The software features real-time alerting and automatic notification capability so that you can react to suspicious activity and avoid disaster. eIQ SystemAnalyzer costs $795 per license for as many as 10 systems.
Avoid Lost Productivity
http://www.ipswitch.com, 781-676-5700, 800-793-4825
Ipswitch released Ipswitch WhatsUp Small Business 2004, software that can monitor and protect a small network. You can use the software to map your network, monitor devices, and learn about possible failures before they become catastrophes. The software autodiscovers the network and finds network devices by name or network address within a selected range of network addresses or by performing an SNMP scan of the entire local network. The solution can monitor key devices from a spectrum of device types. WhatsUp Small Business uses TCP protocols to monitor services, including DNS, POP3, FTP, SMTP, HTTP, and IMAP4, running on the selected devices. You can run current and historical reports that include information about a device's health status, device availability by percent of devices, up/down history of each device (by month, by week, by all or part of a day), and response time performance (displayed as hourly or daily averages). Pricing is $295.
Systweak released Advanced System Optimizer 2.0, an application that lets you fine-tune PCs to run faster, cleaner, and error-free. New features in version 2.0 include a spyware detective, email checker, and icon manager. The software removes cookies, Web history, and recent document history to ensure that other users can't retrieve sensitive information. The program can also identify and remove files that are missed by the system uninstaller, defragmentation software, and scandisk programs. The Registry Cleaner and Fixer removes invalid information from the Windows registry so that the computer won't slow down or crash. The application's backup and restore functions can back up the Windows registry and restore it if a virus affects the system. Advanced System Optimizer 2.0 runs on Windows 2003/XP/2000/NT/Me/9x and costs $39.95.
TweakNow released TweakNow RegCleaner 1.3.1, a program that can eliminate clutter from the Windows registry. RegCleaner can find and remove obsolete registry entries that result when software isn't completely uninstalled. The program scans all crucial parts of the registry and automatically makes a backup of the registry so that you can restore it to the prescanned state. RegCleaner runs on Windows XP/2000/Me/98 and costs $13.95. A free noncommercial version that doesn't include the ability to scan the registry's applications section is available.