Vendor Analysis: Interliant's Security Vulnerability Assessment
Author - Laura
- January 14, 2002
security vulnerability assessment service is a risk management process.
Interliant's security vulnerability assessment service enables its clients
to understand what risks their online transaction systems and network
infrastructure face. Relevant Technologies has taken an in-depth look at
Interliant's security vulnerability assessment service to find out what
their tactical strategy is in helping organizations minimize risk, how
this strategy evolved, and what IT decision makers can expect to gain from
using their services.
businesses continue to put their critical systems, data, and applications
online, the importance of security and privacy become increasingly
critical. Financial loss is only one of the many online losses a company
can fall victim to. A Security Vulnerability Assessment (SVA) has become a
crucial service to any company with valuable online data or infrastructure
connected to the Internet.
is a leading global application service provider (ASP), and, according to
Gartner Group, is the third largest ASP in North America. With the
purchase of Triumph Technologies in November of 1999, Interliant became a
leading provider of security and managed security services. According to
Giga Information Group, security outsourcing services are growing at a
rate of 35% compared to 25% for other corporate information technology
outsourcing services. Security vulnerability assessment services are just
one segment of the security outsourcing marketing. Interliant's INIT
Security Vulnerability Assessment (ISVA) service has matured significantly
in the last few years, and continues to be one of its most popular
security outsourced services.
ISVA service does a lot more than evaluate the security of a website or
perimeter network. Physical access controls of the facilities are
reviewed, as well as both the hardware and software configurations of the
firewall. The firewall rules, the router access lists, and the security of
individual hosts are reviewed and tested for potential security exposures.
If virtual private networks (VPNs) and authentication systems are in
place, these are tested to see if they are configured correctly and are
protecting the infrastructure as expected. Remote access systems and
passwords are also tested for weaknesses and exploitability.
is important to note that a security vulnerability assessment service
gives you the security posture of your network for a single snapshot in
time. In order to understand the appropriate corrective action to take to
secure the exposures, you need this security snapshot in order to
formulate your security agenda going forward.
inappropriate access to your backend systems, or exposing your
customers' credit card numbers, could prove costly and lead to resource
depleting litigation. Since your infrastructure changes daily, Relevant
Technologies recommends businesses with highly sensitive and confidential
corporate and customer information perform a third-party security
vulnerability assessment once a quarter.
addition to quarterly assessments, Relevant recommends that internet-based
penetration tests be performed on a monthly basis. Interliant's ISVA
service offers best-practice penetration testing capabilities that are
able to substantially mitigate future security exposures. Other
significant contenders in the SVA market that compete with Interliant
include @Stake, TruSecure, and Predictive Systems. With the security
market approaching $6 billion USD a year and growing at a rate of about $2
billion USD for the foreseeable future, Relevant Technologies expects
Interliant to be able to grow and sustain its ISVA service in spite of the
1. Corporate Information
Quarter 00 Revenues
Quarter 01 Revenues
Quarter 00 Revenues
Quarter 01 Revenues
as of June 30
Strategy and Trajectory
security services serve global organizations that have local networks in
varying locations. Interliant assists organizations of all sizes with
security vulnerability assessments in order to:
revenue streams Safeguard customer and corporate information
site outages and performance problems
responsiveness of intrusion detection systems
secure and seamless information access
or deter denial of service attacks
customer contractual obligations
unauthorized financial transactions
mitigation in mergers and acquisitions
corporate risks to meet SEC criteria
infrastructure against cavalier engineers
organizations gain competitive advantage
in setting security IT agendas
organizations in qualifying for Information Protection Insurance
a security vulnerability assessment done by an independent and outside
authority shows that an organization has taken due diligence and
objectivity in working towards a secure infrastructure.
performs this service directly and has considerable success doing so. As a
result, Interliant's SVAis not available through any reseller channel,
and we expect that a channel strategy will not be necessary for future
2. Product Information
to large sized businesses
has a proprietary formula for identifying an organization's level of risk.
By applying this formula to an organization's network infrastructure, it
is possible to calculate a numerical statistic from which an organization
can base future security assessments. For carrier-class organizations,
this means that Interliant can measure the risk of a group of networks, or
measure the security of different divisions, assign a risk exposure grade,
and find out which networks or corporate divisions are creating the
greatest exposure for a company. Once a risk grade has been applied to
different divisions in an organization, if the same methodology is used
consistently, trends can be noted.
does not rely on any one particular vendor or network-scanning tool to
assess a client's web site or network. They use multiple assessment tools,
some commercial, some open source, and some home-grown, which all have
strengths in different areas. Their experience has shown that one tool
will not accurately identify all vulnerabilities. Additionally, they make
use of protocol analyzers, intrusion detection sensors, and port listeners
if the situation warrants it.
all scanning tools turn up false positives from time to time, the first
thing Interliant does is to confirm a detected vulnerability. If the
customer requests it, they can further exploit the vulnerability, and
penetrate the customer's network, if further verification is required.
However, once vulnerability is verified, Interliant's primary concern is
always to resolve the exposure as soon as possible in order to help their
clients minimize risk.
the security vulnerability assessment market grows, so does the number of
ASPs that offer competing services. Currently, other ASPs that offer
security vulnerability assessment services include Exodus, Genuity, and
from the ASP competitors, other reputable security vulnerability
assessment services are being conducted from consulting firms like Ernst
& Young, Foundstone, IBM, Netigy, and Vigilinx. Some of the security
services provided by these other vendors do not have the years of
refinement that Interliant's security services offer, however, it should
be noted that these vendors are competing for the same customer base that
Interliant is targeting.
many of their competitors having large customer bases distributed
nationally and internationally, there will be significant challenges for
market share in this segment. Interliant will need to expand their
regional strength to other cities on the East Coast, like New York, and
Washington, D.C., in order to create a more national presence. Replicating
their focus on security to other major markets, and hiring new staff to
ramp up these strategic geographic locations, will increase Interliant's
ability to remain competitive.
order to leverage the growing need and market for security vulnerability
services, Interliant will need to step up its marketing campaign in order
gain name recognition in the security service provider category.
Interliant's strength in security comes from its years of experience and
being well entrenched in the New England market. The necessity to
communicate to a multi-national market its depth of expertise is critical
to Interliant's success. Partnerships and strategic alliances will
increase Interliant's ability to obtain a national presence.
remains considerable disparity between best and worst-practice security
vulnerability assessment services today. Interliant's service is
well-defined, and has withstood the scrutiny of many years of customer
implementations. The challenge for Interliant will be to educate the
market of their expert capabilities. With sufficient marketing resources,
Interliant will be able to more clearly differentiate itself as a premiere
leader in a competitive landscape.
an organization's security vulnerability service is a reasonable solution,
and is often more cost-effective than doing it in-house. The costs
associated with performing a security vulnerability assessment include a
substantial investment in scanning and penetration tools, and often times
multiple tools are required to do a thorough job. As well, knowledgeable
security staff resources are required, and it may not make sense from a
cost perspective for some companies to have a person dedicated for this
task alone. Finding knowledgeable security employees is difficult, and,
once found, they are expensive to keep on board. Leveraging the skills and
resources from Interliant shows that an organization is taking steps to
improve its security posture, and safeguard their customer data and
of the vendors offering security vulnerability assessment services are
technically competent to address technical risks, but are not
knowledgeable in regards to the business impact of their actions. Unlike
other security service providers, Interliant, through its unique risk
management formula, is able to align technical risks with business risks,
and come up with an approach that balances technical security with
appropriate countermeasures and a comprehensive conclusive report.
Interliant's final security vulnerability assessment report includes an
executive summary, a report card, security profiling, vulnerability
findings, a topology and infrastructure review, a summary of
recommendations, and a security roadmap to use moving forward.
risk is critical to the long-term success of most organizations with
moderate to large-sized budgets. Businesses have a limited amount of
resources, and eliminating high-risk exposures can prevent a total
collapse of a corporate infrastructure moving forward. Understanding the
relationship of security risks to other areas within the organization can
act as a starting point for a corporate-wide risk management framework.
using Interliant's security vulnerability assessment service you are
purchasing a proven pre-defined service. With impressive capabilities and
references, this service is ideal for businesses and organizations of all
sizes that are not able to justify dedicated in-house resources to develop
specialized technical security auditing capabilities.
Taylor is the Chief Technical Officer of Relevant Technologies (http://www.relevanttechnologies.com)
a leading provider of original information security content, research
advisory services, and best practice IT management consulting services.
You can contact her by e-mail on firstname.lastname@example.org.