InformationWeek

With the launch this week of its security portal, eSecurityOnline.com, the consulting firm says it's offering businesses an efficient way to identify and eliminate the breaches most likely to threaten their networks.

Tony Spinelli, an eSecurityOnline .com VP, says the portal has records of more than 2,000 vulnerabilities, enabling clients to create custom asset profiles, queries, and reports covering 40 operating systems and numerous common applications, devices, and databases found in business environments. Clients complete a security assessment profile, and eSecurityOnline gives them "the tools to ensure that their information security policy is constantly updated and enforced," Spinelli says.

The service's ability to send custom vulnerability information is a time-saver for DST Systems Inc., a Kansas City, Mo., computer software and services company. Before the company became a beta site for eSecurityOnline, DST's staff had to scour security newsgroups and mailing lists and rely on vendor updates to keep track of potential problems in a network of several hundred Windows NT and Unix servers and about 9,000 PCs. "Finding vulnerabilities and determining if they were relevant was a real drain," says Debbie Briegel, DST's assistant manager of data security.

Ernst & Young is the first of the Big Five to provide this level of outsourced security services, says John Pescatore, research director at Gartner Group. He says demand for such offerings will be fueled by companies' inability to find skilled security professionals.