IN THIS ISSUE
Reference Library: Security Products and Services
Information security and assurance hardware, software, and services.
3Com networking products include modems, firewalls and routers. Software downloads include updated drivers for network adapter cards, modems, and network management software.
8e6 Technologies provides monitoring and filtering products to provide safe Internet access and manage employees' Internet usage for inappropriate content.
Absolute provides the CompuTrace computer tracking system, which silently calls in to the CompuTrace Monitoring center on a regular basis. If a computer is stolen, CompuTrace traces the stolen computer the next time it calls in.
ActionFront Data Recovery Labs
ActionFront provides engineered solutions for individuals, computer dealers, service organizations, corporations, universities, and government agencies in Canada, the United States, South America, Europe, Asia, and the Caribbean.
Advanced Software Products Group
Advanced Software Products Group provides software solutions for the S/390 platform in capacity planning, security, disaster recovery, and CICS.
Altiris SecurityExpressions audit and compliance solution reviews system security configuration settings, antivirus status, personal firewall status, industry-known vulnerabilities, and unauthorized software and hardware.
Altronix Corp. designs and manufactures electronic components for the security industry, including access control, closed-circuit television, burglar, and fire alarm components..
Anyware Technology Inc.
Anyware Technology provides software solutions to communication and network security issues, and provides e-commerce security infrastructure for wireless telecommunication services and industry-centric networks.
Application Security Inc.
DbEncrypt provides database column and row-level encryption within: Oracle, Microsoft SQL Server, IBM DB2/UDB, Sybase Adaptive Server, and MySQL databases. Complements existing encryption solutions (SSL, PKI, etc.).
Argus Systems Group Inc.
Argus Systems Group provides e-business security solutions, protecting vital applications by locking down the intellectual property stored on Web servers, e-mail servers, and corporate databases.
Attest Systems Inc.
Attest Systems Inc. provides the GASP product suites, an inventory tool for PC asset and software management. GASP is designed for use as legal evidence of software compliance status.
Audit Serve Inc.
Audit Serve provides audit and security services as well as consulting in security, controls, systems, and software development audits and implementation.
AuditWare Systems Ltd.
AuditWare provides software solutions in auditing, data mining, data analysis, and prediction applications such as Data Import, Examiner, UNIX Security Auditor, WizRule, WizWhy, X Drill, and Caseware IDEA.
Bardon Data Systems
Full Control offers security access management, network-based remote administration, help desk/diagnostics tools, license metering, browser monitoring, and more for standalone or networked computers.
BladeLogic offers software solutions that enable companies to manage thousands of heterogeneous, distributed servers using command lines and a secure interface.
Blue Lance Inc.
Blue Lance provides real-time monitoring, auditing, and computer forensics technology for Windows and Novell networks.
Bokler provides information security products and services based on cryptographic technology for data protection and privacy, authentication, and non-repudiation.
BT Global Services
BT solutions include mature e-commerce and systems integration consultancy, broad-service applications, content hosting and distribution, Internet connectivity, and data transport services.
C&A Systems Security Ltd.
C&A Systems Security is a U.K.-based company offering security and risk analysis products and services such as COBRA Risk Consultant, ISO #17799/BS #7799 Security Consultant, and cryptographic products.
CBL Data Recovery Technologies
CBL recovers mission-critical data after other conventional methods and experts have failed.
Network server appliances integrate with software applications to deliver end-user solutions for integrated security, virtual private networks, antivirus solutions, office network, wireless tools, and groupware.
Centennial Discovery audit product allows companies to audit and track changes to IT assets. Centennial LANProbe allows IT managers to track the physical location of networked assets from their desk.
Check Point Software
Check Point Software provides VPN, firewall, and products to enable secure communications, and resources for corporate networks, remote employees, branch offices, and partner extranets.
Cigital provides research services, research papers, software certification, and new software security products to help organizations enhance their reliability, safety, and security solutions.
Cisco Systems provides networking products for businesses of all sizes, including routers, LAN and ATM switches, dial-up access servers, and network management software.
Software for electronic communication security and management includes Mimesweeper content solutions for Web access, virus, and spam.
Computer Associates International
Computer Associates produces software products and services to manage and secure IT infrastructure, business information, and application development.
Computer Conversions Inc.
Computer Conversions provides testing for tape media, tape drives, and tape backup software developers and manufacturers. Services include forensics, data recovery and reconstruction, and emergency services.
Computer Operations Audit and Security Technology (COAST)
COAST functions with close ties to researchers and engineers in major companies and government agencies. Its focus is research on real-world needs and limitations, with a specific emphasis on methods of securing legacy systems.
Computer Sciences Corp. (CSC)
CSC provides e-business solutions for applications, business processes, credit services, customer relationship management, enterprise application integration, hosting, security, IT infrastructure, and supply chain management.
Computer Security Products Inc.
Computer Security Products Inc. provides data security and enterprise management solutions and consulting services. Products include AuditView, SecurTN encryption, Alert-Plus 2, and Tandem Security Analyzer.
Comserv Inc., a professional services and software corporation, provides auditing and investigative services, engineering and integration, information security solutions and consulting.
Control Solutions International
Control Solutions International's services focus on process improvement reviews, technology audits, best practice surveys and reengineering facilitations, benchmarking, risk and control self-assessments, security, and vulnerability.
CornerPost Software LLC
CornerPost Software LLC provides solutions to inappropriate online content so organizations can enforce their Internet use policy, while still having low administrative overhead.
Corporate Computer Consultants Ltd. (CCCL)
Information security and technology audit consulting is CCCL's core business. The company advises on and reviews general IT and network security controls.
Countermeasures Information Security
Countermeasures InfoSec provides security consulting, vulnerability assessment, and knowledge-based software to conduct security audits on information technology systems and networks.
Counterpane Internet Security Inc.
Counterpane uses analysis and correlation tools to monitor the entire network and help take action to keep its business running smoothly. Site provides white papers, presentations, references, and news.
Courion offers an integrated family of identity management solutions for account provisioning, password reset and synchronization, digital certificate registration, and profile management.
Cryptek provides secure communications products for government and private sectors, including the DiamondTEK network security product line developed to meet the National Security Agency B2 functionality and trust.
Crystal Group Inc.
Crystal Group Inc. provides turnkey server architecture designed for high-density/space-constrained mission-critical communication installations worldwide.
Computer Sciences Corp.'s Riskmaster risk management claims software works with existing networks, databases and hardware to integrate with a local area network, a wide area network, an AIX/UNIX system server, or remote intranet applications.
CyberSoft antivirus software searches for virus, hacker, and security problems on UNIX and Linux systems. CyberSoft also offers a collection of white papers on viruses, antivirus, UNIX, and computer security.
Delphi Development Group
Delphi's Corporate Access Management Systems security planning and audit tool allows organizations to plan user rights for each IT system and application and to address internal security breaches.
Digital Defense Inc.
Digital Defense Inc. the network security expert, provides quantifiable vulnerability assessments and state-of-the-art security services to those with online access, from securing systems to protecting online assets.
DriveSavers Data Recovery
DriveSavers specializes in recovering lost data for individuals, corporations, educational institutions and government agencies.
Dynamic Systems Solutions Inc. (DSS)
DSS auditing software for J.D. Edwards application set-ups include Auditron, Financial Audit Assistance Software, and Security Commander.
Eagan, McAllister Associates Inc. (EMA)
EMA provides engineering, management, and logistics support contracting for Department of Defense, the federal government, industry and international clients.
Eberhard Klemens Company (EKC)
EKC provides information security products and services: mainframe legacy systems, e-Business applications, CA-ACF2 administration tools, emergency firecall access for RACF, security reporting, and newsletter.
Ecora's suites of configuration management, reporting, auditing, and change management software address disaster recovery, security monitoring, staff knowledge retention, and network and server consolidations.
eEye Digital Security
eEye Digital Security provides high-end network security products and contributes research and education to the network security industry.
Electronic Warfare Associates Inc. (EWA)
EWA provides security evaluation and testing, information protection, infrastructure protection, intelligence support, software engineering, encrypted communications, and computer emergency response teams.
Emperex specializes in enterprise software configuration management and networking solutions to ensure the reliability, integrity, and reproducibility of applications and assist with audit compliance.
Ricoh’s EncryptEase hybrid security CD-R features sophisticated solutions that include strong copy guards, password-protected access, and scheduled expiration dates.
Enterasys Networks provides system and network security, productivity, and adaptability products, services, support, and training.
Entercept provides intrusion prevention software to safeguard servers by preventing known and unknown attacks, such as worms and buffer overflows.
Enterprise Computing Institute
The institute helps IT professionals solve problems and simplify the management of IT through consulting and training based on its book series.
Enterprise Risk Management
Enterprise Risk Management provides outsourced internal audit services, security reviews, risk management, system evaluations, application development, SAS 70 reviews, attestation, business continuity, and impact analysis services.
Enterprise Solution Services Inc. (ESSI)
Services include Microsoft installation, remote system administration, systems/network security review, network design and installation, enterprise/workgroup backup solutions, intranet/Internet firewall design.
Public-key infrastructure technology combines certification authority, encryption, and digital signature capabilities with fully automated key management to ensure privacy and authenticity of data communications.
Network security solutions for small and mid-size enterprises include centralized VPN management and Internet security appliances that integrate tools and services on one extensible platform.
ESTec Systems Corporation
ESTec evelops information security policies and procedures, conducts information security risk assessments, develops integrated disaster recovery plans, and undertakes information technology security audits.
Eurekify develops Sage role-management and privilege-mapping software. Sage Discovery & Audit allows auditors to track changes and identify role-based exceptions and deviations in IT privileges.
EWA-Canada offers information assurance services including access to the resources of Canada's first national incident response team. EWA-Canada is a member of EWA-Global Sentry, a global alliance of EWA companies and affiliates.
The Forensic and Incident Response Environment (FIRE) is a free bootable Linux CD-ROM containing a wide variety of computer security tools for responding to and investigating security incidents.
Focus Technology Group (FTG)
FTG's security, audit, data mining, and fraud-detection software includes BancAudit menu and PATROL400, which automates IBM AS/400 security audits.
Foundstone a managed security services provider provides security lifecycle intelligence to prevent and resolve issues of vulnerability management and protection, security services, software, and education.
F-Secure develops antivirus, data security, and cryptography software products for corporate computer networks.
GE Infrastructure Security InfoGraphics Systems
InfoGraphic Systems manufactures access control and security products, including alarm monitoring, asset tracking, photo badging, and video management.
Global Data Integrity
Xintegrity Professional software monitors data integrity and detects changes to Windows systems, including changes to directory structure, Windows registry, file security access permissions, services, or file contents.
Global Hauri Inc. provides the ViRobot virus protection line for desktops, servers, gateways, and groupware; DataMedic data recovery software; and LiveCall online scanner.
Guidance Software provides computer forensic software, acquisition hardware, and training. The EnCase solution handles every stage of computer forensic investigations, from preview to final report.
HID provides secure authentication and other smart chip applications, including contactless access control readers and cards using radio frequency identification (RFID) technology.
IBM Tivoli Software
IBM's Tivoli software, services, and programs enable companies of any size to manage their networked PCs and distributed systems from a single location.
ScreenLock to prevent unauthorized access to your computer and PassMan for password management, access control, and program linking, can both be downloaded for free evaluation.
Infinadyne's CD/DVD Inspector software allows auditors, data recovery, forensics, and law enforcement professionals to gather evidence stored on optical media.
Infoglide uses a similarity search engine, which is now replacing neural nets for fraud detection throughout North America.
IntelliRecovery provides data recovery services for personal computers and networks. The company recovers data from hard disks, removable media, databases, e-mail and Web servers, and other devices and applications.
Intellitactics provides a comprehensive enterprise security management solution, enabling security executives to police, prioritize, and prevail across a full range of information-security threats.
Internet Security Corp.
Internet Security Corp. specializes in high-end government and commercial network security, including VPN, security certification, policy facilitation, intrusion detection, systems integration, and HIPAA compliance.
Internet Security Systems
ISS provides security products and services for networks, servers, applications, and desktops including security assessment, policy enforcement, and intrusion detection.
InterSect Alliance provides security integration and configuration; intrusion detection and response; security audits and system reviews; penetration testing; and security risk management.
Intrusion Inc. provides intrusion detection systems, vulnerability assessment software, and integrated security appliances to "plug and protect" assets.
Iopus Software - Security & Internet Solutions
This software company produces monitoring tools: STARR (Stealth Activity Recorder & Reporter), SAM (Stealth Activity Monitor), and SESAME (Stealth Email SMTP Autosender Module).
Kane Security Analyst™
Kane Security Analyst network security assessment tool analyzes and reports on security exposure in six areas; an evaluation copy is downloadable from this site.
Kismet is an 802.11b wireless network sniffer, capable of sniffing using almost any wireless card supported in Linux, including Prism2-based cards supported by the Wlan-NG project (Linksys, Dlink, Rangelan, etc.)
Kroll provides solutions and services to safeguard physical, financial, and intellectual assets, including risk consulting investigations, forensic accounting, business valuation, and recovery services.
KSAJ Inc. is a Toronto-based company providing Internet security, information security, database protection, and hacker detection services. Web site includes reference information.
Lenel Systems International
Lenel Systems International Inc. provides software and integrated systems for corporate security. Lenel's OnGuard security product line protects an organization's people, property, and assets.
LostPassword.com provides password recovery software. It features a password-recovery engine, recovers form design passwords, and supports multilingual passwords.
This network security integrator specializes in firewalls, Web server security, e-commerce implementations, and penetration testing.
Mangosoft provides Internet software and services, file sharing service for remote connection to software and data, fileTRUST Web safe deposit box (with 128 bit encryption), and Cachelink Web caching software.
MasterCard Site Data Protection Service
The MasterCard Site Data Protection Service is a package of tools that allow Web merchants to identify risks on their sites and have immediate access to patches and fixes.
Maven Security Consulting Inc.
Maven's services include vulnerability assessments (Web applications, networks, firewalls, and telecom), evidence analyses & expert testimony (civil and criminal), security policy review & development.
Software and services include products to scan PCs for viruses, clean and optimize hard drives, and update applications and operating systems, as well as enterprise network security and management solutions.
McConnell International (MI)
MI is a global technology policy and management consulting firm that specializes in ethical work at the intersection of business, technology, and governance.
MLC provides integrated programs, products, and services to support strategic, organizational risk management for risk mitigation, transfer, and reduction, while addressing operational, intellectual property, and financial risks.
The Nessus Project provides free, powerful, and up-to-date remote security scanner software to audit a network and determine vulnerabilities.
NetIQ provides solutions for system management, security, and Web analytics, from pre-deployment testing and availability monitoring through to security management and use analysis.
NetMap Analytics Ltd.
NetMap Analytics provides specialized data analysis service and intelligence tools for law enforcement agencies, retailers, governments, and insurance companies.
NII Consulting, based in Mumbai, India, provides security assessments and audit services in the areas of compliance, business continuity, risk management, computer forensics, and security implementation.
Nmap Network Mapper is a free open source utility for network exploration or security auditing.
NTA Monitor Ltd.
NTA Monitor Ltd. provides Internet security services and solutions to UK and European organizations. Its core offerings are unique site security testing/audit service, regular monitor, and firewall service.
Oblix solutions provide the security infrastructure for complex enterprise environments. Oblix NetPoint is an integrated identity management and Web single sign-on solution.
Open Platform for Security (OPSEC)
OPSEC is an open, multi-vendor security framework for best-of-breed integrated applications and deployment platforms. Lead company Checkpoint Systems offers two product interoperability certification programs.
PacketTrap pt360 Tool Suite
The free pt360 Tool Suite features a centralized dashboard and includes network reporting, diagnostic, and monitoring from a single intuitive interface.
PC Guardian's security products protect against computer theft and unauthorized access, as well as protecting computer peripherals, LCD projectors, and video equipment.
Pelco provides security camera solutions including camera site, power and communication, and control site equipment plus support, training, and software.
Pleier Corp.'s ADM Plus features long-range planning, risk management, project management, visual scheduling, and tracking of recommendations and findings.
PointSecure Inc. provides security and audit software for OpenVMS (VAX VMS) systems, including System Detective AO security and compliance tool and Chalk Talk, to help users execute applications.
Dr. Wietse Venema provides free information and tools including The Coroner's Toolkit for post-mortem analysis of a UNIX system after break-in, SATAN, TCP Wrapper, and other topics.
Positive Networks provides hosted virtual private networks (VPNs) and end-point security services. PositivePRO combines a client-based VPN and a clientless, Web-based, SSL VPN.
The Preventsys Automated Security Compliance Reporter helps organizations cut the costs associated with producing sustainable security compliance reports.
Protegrity provides tools to implement a full security strategy across multiple platforms and applications, ensuring that security is business-driven and not technology-driven.
QualysGuard, an on-demand security audit and vulnerability management service, employs vulnerability-detection techniques to assess a network's security exposures and suggest remedies.
Regnoc Software Inc.
This provider offers Windows and Java security programs for security/encryption, secure signature, mail security, and encryption of source files for secure transmission.
RiskWatch provides quantitative and compliance risk analysis for physical and information security, HIPAA and ISO 17799 assessments, information systems certification and accreditation processes, audits, and more.
RSA Data Security Inc.
RSA provides cryptography and IT security software, and hosts the annual RSA Security Conference.
RUsecure Information Security Policies
RUsecure Information Security Policies provide an online set of security policies and manuals designed to be comprehensive (comply with ISO17799), current, complete, and delivered effectively (e.g., via the desktop). This site introduces a set of policies design to enable you to address all these questions positively and with confidence.
Safenet's smart-card technology for business-to-business e-commerce enables organizations to safeguard a user's digital credentials, authenticate users, and protect the integrity and privacy of data.
Savvis provides Internet outsourcing and offers flexible and secure platforms and services to scale Internet operations to strategic business initiatives.
Secura Key provides access control products including stand-alone and multi-door access control systems, card readers, and radio frequency ID (RFID).
Secure Computing's services and interoperable products address enterprise network security including firewalls, Internet monitoring and filtering, identification, authentication, accounting and encryption.
Securify provides software products to manage network complexity, automate security, measure operational compliance, and optimize business.
Snort is an open source network intrusion-detection system for real-time traffic analysis and packet logging on IP networks.
Soft Winter Corp.
Soft Winter produces software products that allow their employees to capitalize on creativity and focus on protecting customer data from unwanted intrusions and abuses.
Software House, a unit of Tyco Fire & Security, develops access control and integrated security management systems software.
SolarWinds develops and markets network management, monitoring, and discovery tools.
Solucom is a consulting and system integration firm specializing in Internet, intranet, extranet, and security solutions for companies, as well as a secure virtual private networking solution.
Solutionary Inc. is a managed security services provider addressing e-security risks and providing security products and services in protecting IT infrastructure.
SonicWALL designs, develops, and manufactures Internet security solutions used by companies of all sizes to protect networks and provide secure remote access.
Sourcefire Intrusion Detection System (IDS) provides network defense by monitoring and analyzing network traffic and alerting when suspicious activity is detected.
SpamAssassin e-mail filter to identify unsolicited commercial e-mail uses a rule base with a range of heuristic tests on mail headers and body text to detect spam.
Spy Tech specializes in video surveillance, polygraph services, counter surveillance, voice encryption, and physical protection.
Spytech Software and Design Inc.
Spytech's software protects data stored on PCs and allows users to know how and when their PC is being used. Products provide monitoring and reporting, system security, hacker protection, and freeware utilities.
SRA International Inc.
SRA's services and solutions to business and government clients include Internet systems development, systems and software engineering, network integration, information security, data and text mining, and more.
Stonesoft provides enterprise-level network security and high-availability clustering technology for companies deploying business-critical network applications on Internet and mobile networks.
Sun Microsystems - Network Security
Sun provides products, services, and technologies for secure e-commerce and communication over public networks, as well as training solutions so customers can implement and manage their network security strategy.
Sunbelt Software provides utilities and technical support for Windows infrastructures; Sunbelt International publishes a free weekly e-zine to keep system administrators up-to-date on tools, updates, and upgrades.
SurfControl provides employee Internet access control via policy management software, with a rules-based engine so organizations can filter access for specific employees, departments, locations, and groups.
Sword & Shield Consulting Services, Inc.
Sword & Shield is a security consulting firm specializing in information protection through the application of computer and network security technology.
Software and appliance solutions for individuals, enterprises, and service providers include virus protection, firewall, vulnerability management, and remote management technologies.
Symark Software developes security and system administration software for the UNIX and Linux operating systems, including PowerBroker and PowerPassword.
Systems Advisory Group Enterprises Inc. (SAGE)
SAGE develops and provides Web security products. Its BRICKServersecure Web appliance features process-based security for protecting Web sites from hackers.
SystemTools.com provides system administration and security tools for Windows NT, 2000, and XP, including security monitoring, reporting, analysis, and audit products.
Technology Pathways LLC
Technology Pathways develops computer forensic software and solutions. Its ProDiscover DFT product provides evidence acquisition, analysis, and reporting.
TecSec provides e-business information management and security products and solutions through cryptography.
Tele-Tector of Maryland Inc. (TTM)
TTM designs, implements, and maintains integrated security solutions using smart cards, biometrics, digital recording, and UTP transmission.
The Advanced Computing Systems Association (USENIX)
USENIX brings together engineers, system administrators, scientists, and technicians for presentation and discussion of advanced information on the developments of all aspects of computing systems.
The Firewall Toolkit
This global site provides information on building free firewall and security solutions, including tutorials and documentation on building firewalls, toolkit software patches, and FAQ and support options.
Top Layer Networks
Top Layer Networks provides network security solutions worldwide, including intrusion detection and prevention products, firewall/virtual private network balancing technology, and secure IP network access.
TriGeo Network Security
TriGeo Network Security provides system and network security event management and information management products and solutions. The site also provides articles, white papers, and an e-newsletter.
Tripwire offers IT change audit solutions and helps enterprises ensure regulatory compliance, network security, and system availability. The Web site features educational webcasts and white papers.
Trojan Securities International
Trojan Securities International provides security, protection and recovery, consultancy, risk management, technology security and testing, bodyguards, surveillance, intelligence, conflict resolution, counter terrorism, and maritime and special operations training.
TrustWave provides policy, technical, and operational security risk management solutions independently or in partnership with an organization's IT staff.
Tumbleweed Communications provides software solutions to manage secure Internet communication and collaboration, empower organizations to safely share or protect critical information, and increase customer privacy.
Unlimited Software Associates Inc.
Unlimited Software Associates (USA Inc.) provides security tools for Compaq's Tandem Division NSK & ServerNet systems.
Vanguard Integrity Professionals
Vanguard Integrity Professionals provides OS/390 Security Server (RACF) and mainframe security solutions to the IBM OS/390 environment through its integrated suite of security assurance software.
VeriSign provides digital trust services for commerce and communications through three core offerings: Name services, authentication services, and payment services.
Vigilar provides solutions to manage privacy and risk through the delivery of technology controls, education, and process development.
White Canyon Software
White Canyon Software provides software for eliminating data and files from computer hard disks, including WipeDrive and SecureDrive.
WhiteHat Security Inc.
WhiteHat Security provides Web application security software and educates the public on Web application security.
ZDNet Downloads provides a variety of popular software for downloading. Categories include IS/IT, software developer, Web developer, business, personal technology, security, and mobile.
ZixCorp provides security and privacy solutions for businesses and individuals focusing on protecting information sent beyond secure firewalls in e-mail messages.
Zone Labs Inc. provides Internet technologies for security and productivity solutions. Products include TrueVector, ZoneAlarm personal firewall, and Zone Labs Integrity security policy management and enforcement.
The Institute of Internal Auditors - 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A.
+1-407-937-1100 • Fax +1-407-937-1101 • www.theiia.org
All contents of this Web site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors Inc.