Citadel Invites Software Manufacturers to Step Up to the Challenge and Identify the ''Best of the Best'' Enterprise Vulnerability Management Capabilities.DALLAS -- $100,000 Prize to be Awarded to Heavyweight Champion; Contenders Will Be Judged by Independent Test Lab Citadel Security Software Inc. (Nasdaq:CDSS CDSS California Department of Social Services CDSS Clinical Decision Support Systems CDSS Country Dance and Song Society CDSS Canadian Down Syndrome Society CDSS Community Day Secondary Schools (Malawi) ), a leader in enterprise vulnerability management and policy enforcement through its automated vulnerability remediation (AVR (Automatic Voltage Regulation) See voltage regulator. ) solution, Hercules(R), today sent letters challenging software manufacturers providing software for automating the resolution of security vulnerabilities to defend their product claims of enterprise vulnerability management in a fair fight. Citadel is offering $100,000 to the company participating in the challenge that offers the best product with the highest score that meets a defined set of Enterprise Vulnerability Management (EVM EVM Earned Value Management EVM Evaluation Module EVM Error Vector Magnitude EVM Electronic Voting Machine EVM Expert Group on Vitamins and Minerals EVM Economic Value Management EVM Extraneous Vegetable Matter EVM Extra-Value Meal EVM Electronic Voltmeter ) criteria as evaluated by an independent test lab. To capitalize on Cap´i`tal`ize on` v. t. 1. To turn (an opportunity) to one's advantage; to take advantage of (a situation); to profit from; as, to capitalize on an opponent's mistakes s>. the daily bombardment of vulnerabilities continually degrading TO DEGRADE, DEGRADING. To, sink or lower a person in the estimation of the public. 2. As a man's character is of great importance to him, and it is his interest to retain the good opinion of all mankind, when he is a witness, he cannot be compelled to disclose organizations' security posture, a myriad of software vendors have begun to claim "vulnerability remediation" capabilities to address this critical security need. While the phrase "vulnerability remediation" is in wide use, it is still largely undefined and as a result, many enterprises remain confused about how to best mitigate vulnerabilities before they are exploited by rapidly spreading threats. The letters sent by Citadel invited vendors to have their products tested by an independent test lab following defined test criteria. This independent testing will clarify the requirements for enterprise vulnerability management and enable enterprises to easily select the best vendor. "As a pioneer of automated vulnerability remediation, we believe that we are the reigning champion of enterprise vulnerability management and we challenge our competitors to put their products to the test," said Citadel Executive Vice President of Marketing, Mike Jones. "The goal of this challenge is to demonstrate real substance over marketing spin about enterprise vulnerability management solutions and insist that products perform as marketed. At the conclusion of this test, enterprises will have a better understanding of how to select the best solution for comprehensive risk mitigation of network vulnerabilities. We believe we will remain undefeated, and are happy to put our money where our mouth is." Requirements for Enterprise Vulnerability Management Challenge participants will be tested on the following critical risk mitigation criteria by an independent test lab in January 2005. For each invited participant, the test lab expenses will be paid by Citadel. For further details on The Citadel Challenge, including a white paper on Enterprise Vulnerability Management, EVM product requirements and other Challenge details, visit www.citadel.com/100Kchallenge. Remediate re·me·di·a·tion n. The act or process of correcting a fault or deficiency: remediation of a learning disability. re·me All Classes of Vulnerabilities -- Today corporate networks are plagued with software defects that require patching, as well as many other types of vulnerabilities such as misconfigurations and unnecessary services. For comprehensive protection, an enterprise vulnerability management solution must address all classes of vulnerabilities. Remediation Library -- With so many new vulnerabilities being discovered every day, remedies must be available on a timely basis. An enterprise vulnerability management solution must provide a comprehensive library of proven and tested remedies, with support from a team of security experts continually writing and distributing new remedies. Support an Enterprise Environment -- With enterprises containing mixed environments and vulnerabilities pervasive in all operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. , it is critical to support Unix, Linux as well as Windows operating systems. Set and Enforce IT Security Policy -- As systems tend to shift in and out of compliance, an enterprise vulnerability management solution must be able to assess the security state of devices and keep them in line with corporate security policies. Rapid Mitigation -- The fear of zero-day exploits An attack that takes place immediately after a security vulnerability is announced. If a user discovers a vulnerability, it might wind up on one or two blogs, and the news travels fast. If a software vendor finds it, the tendency is to keep it under wraps until it has a patch to fix it. is exploding with new threats quickly entering the enterprise often before they have been identified. A true EVM solution must provide capabilities for rapid respond to breaking threats and automate the remediation process. Endpoint Security -- Enterprises suffer when remote employees reconnect to the network, bringing with them viruses, worms, spyware and other cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. security issues. Organizations must have the ability to check each device's security state, quarantine quarantine (kwŏr`əntēn), isolation of persons, animals, places, and effects that carry or are suspected of harboring communicable disease. if necessary and bring the device back into a secure state with minimal impact to the end-user. Bridge Organizational Boundaries -- With both Security and IT Operations responsible for IT risk management, an EVM solution must provide a working platform to integrate with multiple vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. security tools to seamlessly prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. , test, audit and apply fixes to reduce risk and comply with internal and external mandates. Asset Discovery and Classification -- Many organizations are unaware of their inventory let alone the risk of each asset. An EVM solution should search inventory information to determine exposure and classify assets for prioritization of threats. Vendors not invited to participate may request participation by sending email to 100KChallenge@citadel.com. About Citadel Citadel Security Software Inc., a leader in enterprise vulnerability management solutions powered by AVR technology, helps enterprises effectively neutralize neutralize to render neutral. security vulnerabilities. Citadel's patent-pending, Common Criteria (Common Criteria for Information Technology Security) An international standard process for defining security objectives and for evaluating compliance with those objectives. The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian EAL EAL English as an Additional Language EAL Evaluation Assurance Level EAL Eastern Airlines EAL Emergency Action Level EAL Environmental Analysis Laboratory EAL Evidence Analysis Library (American Dietetic Association) 3 certified See certification. Hercules(R) technology provides users with full control over the automated remediation process, enabling efficient aggregation, prioritization and resolution of vulnerabilities detected by industry-standard vulnerability assessment tools. SecurePC(TM) and NetOFF(TM) products enable companies to enforce security policies from a single point of control. Citadel's solutions enable organizations to ensure the confidentiality of information, reduce the time and costs associated with the inefficient manual remediation process, and facilitate compliance with organizational security policies and government mandates such as FISMA FISMA Federal Information Security Management Act of 2002 FISMA Federal Information System Management Act , HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and Gramm-Leach-Bliley legislation. For more information on Citadel, visit www.citadel.com, or contact the company at (214) 520-9292. Safe Harbor/Forward-looking Statements: This press release may contain forward-looking statements forward-looking statement A projected financial statement based on management expectations. A forward-looking statement involves risks with regard to the accuracy of assumptions underlying the projections. that are intended to be subject to the safe harbor Safe Harbor 1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated. 2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive. protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: revenue recognition policies that may delay recognition of revenues; the ability of government entities to terminate licenses of our products for convenience; the current economic and geopolitical ge·o·pol·i·tics n. (used with a sing. verb) 1. The study of the relationship among politics and geography, demography, and economics, especially with respect to the foreign policy of a nation. 2. a. environment; current information technology spending trends; the uncertainty of funding of government information technology security projects; a lack of Citadel operating history; uncertainty of product acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; changes in laws and regulations; changes in the company's business plans; interest rates and the availability of financing; liability and other claims asserted against the company; labor disputes; the company's ability to attract and retain qualified personnel; and inflation. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2003 and its Quarterly Report on Form 10-QSB for the quarter ended September 30, 2004. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results. Editors Note: Citadel is a trademark and Hercules is a registered trademark of Citadel Security Software. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion