The latest news from ThreatGuard,
Inc.
.
Use Pro to Create the
FDCC Reporting Excel Spreadsheet
March 24, 2008: Secutor Prime
Professional now supports the creation of the FDCC Reporting
Excel Spreadsheet. OMB requires that all agencies create this
spreadsheet and submit it along with the SCAP XCCDF results documents
(also created by Prime Professional) to NIST.
Webinar: Simple Solutions for
FDCC Compliance Replay
By popular demand, our enterprise partner
NetIQ has made the FDCC implementation webinar available for
replay. Follow this external
link, enter a user name, and enjoy.
Webinar: Simple Solutions for
FDCC Compliance
On March 18, 2008 at 2:00 PM (EST)
ThreatGuard and our enterprise integration partner NetIQ will provide a
joint web presentation titled "FDCC - Simple Solutions for Measuring
and Reporting Compliance". Among other things, you'll learn about
solutions for FDCC reporting, secure management of FDCC GPO
settings, continuous compliance assessment and baseline
configuration management. Register
Now!
Secutor Products Earn
Additional SCAP Validation
March 4, 2008: Today Secutor Prime became the
first product to achieve NIST SCAP validation for Mis-Configuration
Remediation. In addition, our Secutor Compliance Automation
Toolkit (S-CAT) was awarded FDCC scanner validation. Kudos to the
NIST- accredited lab EWA-Canada for
their hard work performing the validation testing. More validated
products and categories of validation are
forthcoming from ThreatGuard.
Secutor Prime Earns
SCAP Validation
February 4, 2008: ThreatGuard's Secutor Prime
product is awarded Security Content Automation Protocol (SCAP)
Validation from the National Institute of Standards and
Technology. The validation process involved extensive testing by
the NIST- accredited lab EWA-Canada to determine that
Secutor Prime properly adheres to all six SCAP standards and produces
expected FDCC scanning results. ThreatGuard's Secutor Magnus and
S-CAT are currently in validation testing and should be certified very
soon.
Secutor Prime
Professional Released!!!
January 24, 2008: ThreatGuard has officially
released the much anticipated Secutor Prime Professional product.
Pro includes all the features of the licensed Secutor Prime product but
adds official OMB FDCC Deviations Report creation and agentless
compliance management of remote targets. We'd like to thank the
Court Service & Offenders Supervisory Agency for being our first
Pro customer and Navy SPAWAR for being our second (and the rest of our
dedicated and loyal customers too!).
ThreatGuard Earns OVAL
Award 9 Straight Quarters
October 4, 2007: ThreatGuard has earned the OVAL
Repository Top Contributor
Award for the ninth straight quarter! This quarterly award
recognizes those organizations
that have contributed the most content to the OVAL Repository. We
are pleased to accept this award and are encouraged by the growing
success of the OVAL program under MITRE's stewardship.
Secutor Magnus
Enterprise SCAP Product Released
September 1, 2007: ThreatGuard is pleased to announce
the release of its much anticipated Secutor Magnus product.
Secutor Magnus brings the power of the popular Secutor Prime product to
the enterprise. Whether you require an agentless solution or
prefer agents, Secutor Magnus is your product for enterprise-wide
compliance and vulnerability management. Like the rest of the
Secutor product line, Magnus has been recognized by NIST as FDCC
capable. It can directly consume the U.S. Government's SCAP compliance and
vulnerability content (or user generated-content that supports the SCAP
standard). Please Contact
us today for additional information.
Secutor Products
Recognized by NIST as FDCC Capable
July 27, 2007: ThreatGuard's Secutor line of
security products has been recognized by NIST as federal desktop core
configuration (FDCC) capable. ThreatGuard is the developer of
four of the five products in the world that have achieved this
distinction. The U.S. government has developed the FDCC to
provide a strict definition of what constitutes a securely configured
computer. Our Secutor products enable organizations to assess
their computers for FDCC compliance, define local policy deviations,
and automatically bring computers back into accepted compliance.
ThreatGuard Receives
OVAL Award for 2nd Quarter 2007
July 16, 2007: ThreatGuard is excited to receive
the OVAL
Repository Top Contributor
Award for the second quarter of 2007. This quarterly award
recognizes those organizations
that have contributed the most content to the OVAL Repository.
ThreatGuard has won the award for the past eight quarters.
Secutor Prime 1.3.1
Released
June 4, 2007: After months of
intense development, enhancements and improvements to Secutor Prime and
our core SCAP compliance libraries are now being released.
Version 1.3.1 features many notable additions including significant
improvements in Microsoft Vista assessment and remediation support, an
XCCDF export
feature with support for policy deviations, a CCE exporting option in
the CSV exporter, and a new host detail compliance report. The
benchmark/profile selection tool has been simplified and the scoring
system has been updated to count rules only once even when they appear
in multiple compliance categories.
.
Secutor Prime 1.2.0
Released
May 23, 2007: A new version of
Secutor
Prime is now available for immediate download. Users of the
Secutor Prime
Free Edition will enjoy updated assessment content, and support for
policy deviations-based assessment. The
commercial
version includes all of the free version features as well as a beta
release of
the policy deviations profiler. This feature allows
organization's to
automatically identify and document their exceptions to the benchmark
standard
and use this custom benchmark in subsequent compliance
assessments. Users
can manually download the update from this website or use the
auto-update
feature of their existing Secutor Prime installation to obtain it.
.
ThreatGuard Receives
OVAL Award for 1st Quarter 2007
April 20, 2007: ThreatGuard has won the OVAL
Repository Top Contributor
Award for the first quarter of 2007. This quarterly award
recognizes those organizations
that have contributed the most content to the OVAL Repository.
ThreatGuard has won the award for the past seven quarters.
.
Secutor Compliance
Automation Toolkit Released
March 13, 2007: ThreatGuard is excited to release
the Secutor Compliance Automation Toolkit (S-CAT), the first and only
product to bring NIST SCAP capability to
third-party products. We've spent the past several years and
thousands of hours developing and refining the industry's most mature
and respected SCAP technology. S-CAT makes this technology
available in an easy-to-use drop-in module. A recent beta-tester
was able to integrate S-CAT into their product in only four
hours. S-CAT
makes SCAP easy.
.
Online Product Support
Forums Launched
March 7, 2007: In an effort to better support our
users, ThreatGuard is pleased to announce the official launch of our
product support forums.
If you have questions or suggestions regarding our products, please
post a message. Our staff will monitor and moderate the forums to
provide timely and accurate feedback.
.
ThreatGuard Receives
OVAL Award Six Straight Quarters
March 1, 2007: ThreatGuard was recently presented
with the OVAL Repository Top Contributor
Award. This quarterly award recognizes those organizations
that have contributed the most content to the OVAL Repository.
ThreatGuard received the award for the past six quarters.
.
Secutor Prime 1.0
Available!
February 1, 2007: ThreatGuard, Inc. is excited to
announce the availability of Secutor Prime 1.0. This product is
the first in the industry to use NIST's SCAP content to perform
standards-based automated compliance assessment and remediation.
As promised, we've included Undo and System Restore features to protect
computers from incompatible configurations. The numerous reports
are comprehensive, informative, and visually appealing. The
Secutor Prime Free Edition has been upgraded to version 1.0. This
version can be "activated" to the full commercial version by purchasing
a license key here.
Give it a try and
you'll see the ThreatGuard advantage.
.
Secutor Prime 1.0 Earns
OVAL Compatibility
January 31, 2007: Today Secutor Prime 1.0 earned the
certification
of OVAL compatibility from the MITRE Corporation. The
rigorous certification process ensures products adhere to the technical
and usability requirements of the OVAL program. This
accomplishment brings the total number of ThreatGuard products that are
OVAL certified to five!
.
Secutor Prime &
Secutor Magnus Update
December 14, 2006: We have had numerous inquires
about the status of our commercial Secutor Prime and Secutor Magnus
products. In short, both products are progressing as planned.
Auto-remediation is working great, undo/restore is in final testing and
is amazing, the new reports are very impressive, and the handy data
export tools are looking good. The ability to perform patch,
vulnerability, and compliance assessments at the same time is also
pretty handy. While Secutor Magnus is not due for release until
late spring 2007, it is also progressing well. It will leverage
some additions we have planned for Secutor Prime to create a flexible
agent-based/agentless scalable solution. Look for our OEM
Integration Kit to include many of these new Secutor features in
2007.
.
ThreatGuard Contributes
More Patch Content to SCAP
December 14, 2006: ThreatGuard has added Windows 2003
Server patch content to its list of contributions to NIST's SCAP
initiative. OVAL patch definitions differ from vulnerability
definitions in that they are patch centric. We do not simply
check to see if the operating system reports a patch as being
installed. Rather, we check a variety of files and settings to
determine patch status. The Windows 2003 content joins our
Windows XP patch content contributions that were recently announced.
.
December Patch Tuesday
Definitions Ready
December 13, 2006: ThreatGuard continues its
commitment to OVAL by developing and contributing vulnerability
definitions to cover Microsoft's December Patch Tuesday
bulletins. As usual, these definitions were posted on MITRE
Corporation's OVAL
Discussion List and are free for everyone to use.
.
NIST Launches Security
Content Automation Site
October 29,
2006:
The National Institute of Standards and Technology (NIST) has launched
the world's first website dedicated to standards-based security content
automation. The Security Content Automation
Program (SCAP -
pronounced "S Cap") beta site will serve as the clearing house for
compliance checking, vulnerability management, and security measurement
content and tools. ThreatGuard volunteered hundreds of man hours
to refine NIST's initial compliance content. We have also
developed and contributed the Microsoft Windows XP Patch detection
content to the program. Download our free version of Secutor
Prime to see the advantages of SCAP for yourself.
.
Full Remediation Coming
for Secutor Prime
October 23,
2006:
As promised, ThreatGuard will provide a full remediation capability
with Secutor Prime
very soon. In
preparation for this transition, the latest update removes the limited
remediation feature.
In addition, the latest version enhances the automatic application and
content update capability, provides a new profile selector, and
supports the new XCCDF content structure released by NIST last week.
.
FISMA Scout becomes
Secutor Prime
October 8,
2006:
In recognition of the broad applicability and availability of
standards-based security compliance content, ThreatGuard has renamed
FISMA Scout to Secutor Prime.
While Secutor Prime contains the same powerful features as FISMA Scout,
the new Secutor product line extends beyond FISMA to support compliance
content for DISA
STIGS Gold, Platinum, NSA guides, and others. Secutor Prime is
free for non-commercial use and represents
ThreatGuard's first released product in our new Secutor line.
.
ThreatGuard Contributes
Patch Content to NIST
October 6,
2006:
To help jumpstart NIST's automated security content initiative,
ThreatGuard has developed an contributed security patch definitions for
Microsoft Windows XP. This will complement NIST's compliance
content for FISMA, DISA STIGS (Gold and Platinum), and NSA guides,
making ThreatGuard an official NIST Checklist
company.
.
Second Weekly FISMA
Scout Update Released
October 1,
2006:
As we work towards FISMA Scout version 1.0, we are pleased to release
our second weekly scheduled update of this radical new
product. To download the update and view the release notes,
please visit ThreatGuard's FISMA
Scout product page.
.
OVAL Test Released for
Out-of-Cycle Microsoft Patch
September 27,
2006:
ThreatGuard has released an OVAL definition to address Microsoft's
recent out-of-cycle Internet Explorer patch. This definition has
been distributed to our
customers and the OVAL community at large via MITRE Corporation's
repository. Please refer to Microsoft's security bulletin for
additional information (MS06-055).
.
ThreatGuard
Releases FISMA Scout
September 19,
2006:
Today ThreatGuard, Inc. made history by releasing FISMA
Scout, the first product to perform
Federal Information Security Management Act (FISMA) compliance
assessment, remediation, and scoring using NIST's new standards-based
automated checklist content.
.
ThreatGuard, Inc. to
Present Demo at NIST Conference
September 1,
2006:
The ThreatGuard team will be presenting on September 19th at the National Institute of Standards and
Technology's (NIST)
Security
Automation Conference and Workshop in Gaithersburg, Maryland.
ThreatGuard will be unveiling and demonstrating a very significant
product that supports NIST's new automated checklist program.
.
Two New Products
Certified as OVAL v5.0 Compatible
August 8,
2006:
Two new products along with two existing products recently passed MITRE
Corporation's OVAL Compatibility testing and are officially OVAL v5.0
certified. The new On
Demand and OEM
Integration Kit products join the ThreatGuard Vulnerability
Management System and ThreatGuard Traveler as OVAL v5.0
certified. These products include the first proprietary OVAL
assessment engine to achieve this certification.
.
ThreatGuard
Picked as a Four-to-Watch Company
July 29,
2006:
ThreatGuard has been selected by the Express-News as one of San
Antonio's four-to-watch emerging technology companies. This is a
great honor given San Antonio's position as one of the leading
information security incubators in the world and the success of
previous four-to-watch companies.
.
New
Product:
ThreatGuard OEM Integration Kit
July
1, 2006: Today ThreatGuard, Inc. announces
the release of the ThreatGuard OEM Integration Kit version 1.0.
Designed for easy integration into 3rd party systems, this kit includes
many of the ThreatGuard VMS assessment features (including OVAL 5
support) packaged as lightweight, integrated modules. Please
contact ThreatGuard for
pricing and options.
.
Large Patch Tuesday
Update for June Now Live
June
14, 2006: The June 2006 Patch Tuesday saw
Microsoft release an unusually large number of patches to correct many
significant security vulnerabilities in their products.
ThreatGuard has developed and deployed associated OVAL definitions
along with supporting information to our customers. We've
subsequently donated these definitions to the OVAL community at large.
.
Microsoft Patch Tuesday
Checks for May Now Active
May 10, 2006: ThreatGuard has
developed and deployed OVAL definitions to test for all vulnerabilities
announced in Microsoft's May 2006 Patch Tuesday. ThreatGuard VMS
4.0 systems are now updated. We have subsequently contributed
these definitions to participants in the OVAL community.
.
MITRE Recognizes
ThreatGuard's OVAL Milestone
April 21, 2006: In the OVAL
newsletter, MITRE Corporation recently recognized ThreatGuard for its
leadership and technical contributions to the OVAL program.
.
Microsoft Patch Tuesday
Checks for April Now Active
April 12, 2006: In less than 24
hours, ThreatGuard developed and deployed 57 new tests to check for
vulnerabilities associated with Microsoft's April 2006 Patch
Tuesday. ThreatGuard VMS 4.0 systems will automatically download
these tests and identify vulnerable systems.
.
500 OVAL Definitions
and Beyond!
April
12, 2006: In just six months ThreatGuard has contributed over 500
OVAL vulnerability definitions to the OVAL community. As the lead
developer of commercial OVAL solutions, we take great pride in our
contributions to this important program. We would also like to
congratulate and thank the MITRE Corporation for their outstanding
stewardship of the OVAL program. For over a year our customers
have benefited from the speed, accuracy, and interoperability realized
through OVAL. This will continue as we have many exciting OVAL
projects under development for release in the coming year.
.
OVAL-IDs
Assigned to Microsoft Security Bulletins
March 30, 2006: MITRE Corporation
has assigned official OVAL-IDs for ThreatGuard-developed definitions
that address the most recent Microsoft Security Bulletins.
.
ThreatGuard Joins Sun
Partner Advantage Program
March
28, 2006: ThreatGuard has joined the Sun Partner Advantage
Program to improve technical and marketing collaboration between Sun
Microsystems and ThreatGuard. ThreatGuard products make extensive
use of Sun's Java technology. This natural partnership promises
to create significant strategic opportunities.
.
ThreatGuard Delivers
first Red Hat OVAL Definition
March 27, 2006: ThreatGuard has
released its first OVAL definition for Red Hat Linux to address a major
vulnerability in Sendmail. For the past six months ThreatGuard
has been the leading developer and contributor of Microsoft Windows,
Sun Solaris, HP-UX, and Cisco IOS OVAL definitions.
.
FLASH: ThreatGuard VMS 4.0 Released
January 22, 2006: ThreatGuard, Inc.
is pleased to announce the release of ThreatGuard VMS version
4.0. This major release includes over 100 enhancements including
a new policy and compliance management system. It also becomes
the first security product to support OVAL for Cisco IOS devices.
Please contact ThreatGuard for additional product details.
Existing customers have been automatically updated to version 4.0.
.
Another Milestone:
400th OVAL Definition Contributed
January 17, 2006: ThreatGuard has
contributed its 400th vulnerability definition to the OVAL
community. In addition to definitions covering Microsoft's
February 2006 Patch Tuesday, ThreatGuard has contributed OVAL
definitions for the most recent Solaris and HP-UX vulnerabilities.
.
Microsoft's Patch
Tuesday, Solaris, & HP-UX Updates
January 11, 2006: Last night
ThreatGuard released product updates to address Microsoft's January 10
Patch Tuesday and all recent SunSolve and HP-UX security
bulletins. ThreatGuard appliances will automatically download,
install and alert if any of these vulnerabilities are discovered on
customer networks. ThreatGuard again contributed definitions to
detect Patch Tuesday vulnerabilities to the OVAL community within 20
hours of their disclosure.
.
ThreatGuard
Contributes Its 300th OVAL Definition
December 27, 2005:
Just one month after contributing its 200th vulnerability definition to
the
OVAL community, ThreatGuard has surpassed the 300 mark. We
continue to validate the benefits of this technology to quickly address
today's security challenges. This month we contributed OVAL
definitions to address Microsoft's Patch Tuesday vulnerabilities within
20 hours of announcement.
.
ThreatGuard
Releases
the First HP-UX Definitions
December 7, 2005: ThreatGuard is
pleased to announce the development and contribution of the first 17
HP-UX OVAL vulnerability definitions. ThreatGuard products become
the first in the industry to detect and manage security vulnerabilities
on Hewlett-Packards HP-UX operating system using the international
standard OVAL language.
.
ThreatGuard
Contributes Its 200th OVAL Definition
November
24, 2005:
Today ThreatGuard contributed its 200th vulnerability definition to the
OVAL community. We are proud to be the industry leader in OVAL
technology contributions and are excited to see momentum growing for
this important program.
.
ThreatGuard
Earns
OVAL
Compatibility Awards
November
14, 2005:
ThreatGuard becomes the first vulnerability management system to earn
the OVAL compliance
award. ThreatGuard is joined by Citadel's Hercules Patch
Management System and ArcSight's ESM product as inaugural awards
recipients.
.
Another First: HP-UX OVAL
Interpreter Completed
November
7, 2005: More Firsts.
ThreatGuard is pleased to announce the completion of the industries
first HP-UX OVAL interpreter. In addition, we have completed the
initial collection of HP-UX OVAL definitions which we will contribute
to the OVAL community.
The ThreatGuard Vulnerability Management products now include
OVAL support for Microsoft Windows, Solaris, HP-UX, and Red Hat Linux.
.
ThreatGuard to receive OVAL
Compatibility Awards
November
3, 2005:
ThreatGuard
Vulnerability
Management products to receive inaugural OVAL compatibility awards at
the CSI 32nd Annual Computer Security
Conference. More details soon.
.
HP-UX
OVAL Schema Contributed
September
12, 2005: ThreatGuard
completed the development of the draft OVAL schema for
Hewlett-Packard’s HP-UX
operating system. This
schema was contributed to the OVAL community and has been included in
the official 4.2
OVAL schema. Version 4.0 of the ThreatGuard VMS will include
the first HP-UX OVAL interpreter and will contribute definitions for
use with the HP-UX schema.
.
Developer of
Patch Tuesday OVAL Definitions
August
23, 2005: In
cooperation with the MITRE Corporation and the OVAL community,
ThreatGuard has agreed to develop and contribute draft OVAL definitions
to Microsoft’s monthly vulnerability disclosure and patch release day.
.
ThreatGuard
Attends Developer Days
July
20, 2005: ThreatGuard participated in the inaugural OVAL Developer
Days at the MITRE campus in Bedford, MA. The event provided an
excellent forum to discuss current and future technical issues with
other leaders in the OVAL community. We'd like to thank MITRE for
hosting such a productive conference.
.
ThreatGuard CVE
Compatible
April
5, 2005:
ThreatGuard's
Vulnerability Management System certified as CVE Compatible.
ThreatGuard delivers first OVAL Solution
for Solaris
March
3, 2005: ThreatGuard
recently delivered the first (and only) OVAL interpreter and results
producer for Sun Microsystem’s Solaris
operating system. We
continue to develop and contribute vulnerability definitions for
Solaris.
.
ThreatGuard Delivers First
Commercial OVAL Product
February 1, 2005: ThreatGuard
became the first company to deliver an OVAL-enabled solution.
ThreatGuard Vulnerability Management System version 3.0 uses Windows,
Red Hat Linux, and Solaris OVAL definitions to assess the security
posture of computers without requiring software agents.
.
