Sanctum Upgrade Takes Aim At External Threats

The conventional wisdom in the security industry that 80% of all attacks on company networks and computers stem from malevolent insiders no longer holds. The growing use of Internet applications-accessed by remote users via a Web browser-has changed the nature of security attacks, and outsiders are now considered the greatest threat.

Many companies suspect hackers and terrorists (46%), and even customers (14%) of trying to breach their systems, according to InformationWeek Research's 2001 Global Information Security Survey of 4,500 security professionals, fielded by PricewaterhouseCoopers. According to a survey by the Computer Security Institute and the FBI, some 72% of businesses cite Internet connections as a frequent point of attack, while only 31% say the same for internal systems.

Sanctum Inc., a vendor of software to make Web applications more secure, last week introduced an enhanced version of its AppScan software, which automates the auditing of Web apps for software holes that hackers could use to break into systems. AppScan 2.5 is designed to find known and previously undiscovered vulnerabilities and to suggest ways to correct the problem.

Despite the increase in known vulnerabilities, Hurwitz Group security analyst Pete Lindstrom says Web-application security has been largely overlooked until recently. "This is growing into a hot space in security," he says. "AppScan is a way companies can boost defenses for Web-application security."

AppScan 2.5 is available now and runs on Linux; pricing starts at $15,000.