nCircle announced the Security Content Automation Protocol (SCAP) validation of nCircle IP360 and nCircle IP360 Mobile, the world's leading vulnerability and risk management system. As one of the early SCAP-validated solutions on the market, nCircle IP360 provides U.S. Federal agencies with an enterprise class system to support the largest networks, while at the same time delivering SCAP certified vulnerability scanners with the ability to determine the presence of known software flaws by evaluating the target system over the network. SCAP is a protocol using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance) and is sponsored by the Information Security Automation Program (ISAP), a U.S. government multi-agency initiative to enable automation and standardization of technical security operations.

Core Security Technologies today announced that CORE IMPACT, the most comprehensive product for proactive security testing, can be used to help U.S. federal agencies comply with the new information security assessment guidelines outlined by the National Institute of Standards and Technology (NIST). NIST Special Publication 800-53A, Appendix G (http://csrc.nist.gov) advocates the use of penetration testing technology by all federal agencies as a key component of an effective security assessment plan. It's great to see the federal government taking steps to ensure that penetration testing is widely used as a method of assessing real-world risks, said Robert Maley, chief information security officer for the Commonwealth of Pennsylvania. Gaining a comprehensive view of vulnerabilities across an organization's security infrastructure is an important step in enhancing the security posture of our federal agencies. Pennsylvania has been using CORE IMPACT for some time as a critical compo

Secure Firewall enables compliance with PCI Data Security Standard while also providing industry-leading security and manageability

Integrity Interactive Corporation, a company that helps leading global corporations manage and reduce the risk of ethics and compliance failures, today announced its partnership with Vantage Partners, the leading management consulting firm specializing in achieving breakthrough business results by transforming the way companies manage their most important relationships. This partnership will provide clients of both Integrity Interactive and Vantage Partners additional expertise in specific areas of third party relationship management. Companies are looking closely at their supply chain to find ways to reduce risk, manage costs, and drive innovation. Vantage helps companies enhance internal and external collaboration to improve supply chain performance across these key dimensions, said Mark Gordon, Partner at Vantage Partners. Integrity helps its clients ensure that ethical standards are understood and followed by internal and external stakeholders and our partnership will leverage

Test shows Secure Web provides superior preemptive detection with best response time

The Open Group, a vendor- and technology-neutral consortium focused on open standards and global interoperability within and between enterprises, today announced that the organizations Security Forum has initiated work on a risk management and analysis taxonomy standard. This is the first phase of a comprehensive initiative aimed at eliminating widespread industry confusion about risk management among risk managers, security and IT professionals as well as business managers. The Security Forums focus on a risk management and analysis taxonomy is in direct response to the idea that risk analysis has historically been more art than science. Prior risk taxonomies used terms which were ill-defined, resulting in many inconsistent definitions and taxonomies within the information security landscape. None of these provided a clear and logical representation of the fundamental problem that the risk management profession must control: the frequency and magnitude of loss.

Triumfant announced an agreement with Dell to deliver out-of-the-box NIST SCAP validated solutions to allow federal organizations to comply with the U.S. Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC) mandate. Under the agreement, Dell will incorporate Triumfant Compliance Manager software on Windows computer systems for federal government customers. Triumfant Compliance Manager is the only solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, every day. Triumfant Compliance Manager supports Security Content Automation Protocol (SCAP) to ensure ongoing compliance with the FDCC security standards, as well as a wide range of government regulations and IT policies.

The secure management of personal digital information is becoming a key challenge for public and private sector organisations alike and, under the new Criminal Justice and Immigration Act, the UK's Information Commissioner is able to impose substantial fines on organisations that 'deliberately' or 'recklessly' commit serious breaches of the Data Protection Act (DPA). To help organisations comply with the requirements of the Act, IT Governance has launched a 'DPA Compliance Toolkit' that provides all the essential templates and tools, greatly simplifying and speeding up the task.

Symantec announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance. Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner.

Symantec announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance. Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner.

OpenPages, provider of Enterprise GRC Management Solutions that optimize business performance, announced it has received a patent for its highly configurable GRC platform. United States Patent and Trademark Office (USPTO) awarded the company U.S. patent No 7,356,771 on April 8, 2008, and the patent describes the company's innovation around developing applications based on a metadata-driven framework. The patent demonstrates the uniqueness of the company's GRC platform and its commitment to product innovation. The patent further illustrates the company's leadership in the market for governance, risk and compliance (GRC) solutions. Through configuration, OpenPages' GRC platform provides the ability to develop business applications without coding, which enables OpenPages to respond quickly to new market opportunities and customer demand for new solutions. This metadata-driven approach has allowed OpenPages to release new solutions in rapid succession over the last 18 months. The company c

Alert Logic, an award-winning provider of on-demand IT compliance and security solutions, today announced that it has signed a partnership agreement with Logicworks, a leading provider of high-availability hosting solutions to support business-critical applications and content. The partnership will provide Logicworks clients with Alert Logics Log Manager and Threat Manager solutions to ensure their networks are secure and compliant with industry and government regulations. Log Manager gives organizations the ability to secure their networks and comply with regulations that mandate log data be collected, regularly reviewed, and securely archived. Threat Manager combines intrusion detection and vulnerability management technology to offer protection from viruses, worms, and other threats brought in by roaming laptops, VPN connections, wireless access points, partner portals, and other supposedly trusted sources.

At Microsoft Tech-Ed North America 2008, Attachmate Corporation, will showcase its product offerings designed and built for Microsoft Windows Vista and the Microsoft Office 2007 system. Attachmates presence at Tech-Ed further secures its position as the go-to vendor for host access on the Windows Vista/Office 2007 platform. Additionally, Attachmate is announcing general availability of Reflection for the Web 2008, the companys flagship browser-based host access offering. Currently available and attaining traction in the market, Reflection for IBM 2007 is Attachmates built-for-Windows Vista terminal emulation solution. Combining the comprehensive productivity and security feature sets found in Attachmates existing EXTRA! and Reflection host access offerings, Reflection for IBM 2007 strengthens mainframe security, maximizes IT flexibility and provides a set of features that significantly boost user productivity. Reflection is certified for Windows Vista and takes advantage of multipl

OpenPages, provider of Enterprise GRC Management Solutions that optimize business performance, today announced it has received a patent for its highly configurable GRC platform. United States Patent and Trademark Office (USPTO) awarded the company U.S. patent No 7,356,771 on April 8, 2008, and the patent describes the company's innovation around developing applications based on a metadata-driven framework. The patent demonstrates the uniqueness of the company's GRC platform and its commitment to product innovation. The patent further illustrates the company's leadership in the market for governance, risk and compliance (GRC) solutions. Through configuration, OpenPages' GRC platform provides the ability to develop business applications without coding, which enables OpenPages to respond quickly to new market opportunities and customer demand for new solutions. This metadata-driven approach has allowed OpenPages to release new solutions in rapid succession over the last 18 months. The com

CA, announced CA Security Compliance Manager, a new, internally developed CA security product that delivers capabilities that help CA customers address IT security and compliance with legal, corporate and government regulations. CA Security Compliance Manager focuses on helping organizations automate processes for answering security questions such as Who has access to what? Who can do what? and Who approved what? to help detect security policy or compliance violations and then initiate any necessary remediation. CA Security Compliance Manager is one of three CA identity and access management (IAM) products announced today. These three productsCA Identity Manager, CA Access Control Premium Edition and CA Security Compliance Managerjoin seven other CA IAM products announced in October and November 2007 as part of CA IAM r12. The IAM r12 products are designed to help manage the identity lifecycle, and provide robust IT security controls, analysis and proof of compliance, and autom

TraceSecurity, a SaaS provider offering security compliance and risk management software and services, introduced the newest version of their TraceSecurity Compliance Manager (TSCM). TSCM 4.5 is packed with improved functionality that boosts an already powerful offering including auto creation of policies and policy change management and support for Identity Theft Red Flags, NERC CIP Standards, and NIST. With these new enhancements, organizations from a variety of vertical industries can achieve greater security and compliance control over their network, while providing the protection and peace of mind they crave for their customers. The newest version of TSCM provides greatly enhanced functionality and features that strengthen the security and compliance controls of organizations, said Jim Stickley, CTO of TraceSecurity. Features, such as the ability to create comprehensive policies on demand for numerous departments throughout an organization, allow our customers to quickly and easil

CA announced the release of CA Access Control Premium Edition. Offering cross-platform creation, deployment and management of complex, specific, role-based access controls for servers, CA Access Control Premium Edition delivers capabilities that help facilitate customers IT security and compliance with legal, corporate and government regulations. CA Access Control Premium Edition is one of three CA identity and access management (IAM) products announced today. These three productsCA Identity Manager, CA Access Control Premium Edition and a new product, CA Security Compliance Managerjoin seven other CA IAM products announced in October and November 2007 as part of CA IAM r12. The IAM r12 products are designed to help manage the identity lifecycle and provide robust IT security controls, analysis and proof of compliance, and automation of compliance processes.

KACE, a systems management appliance company announced the results of a new study that revealed nearly two-thirds of IT executives and managers believe their companies have not taken appropriate steps to ensure compliance with the license agreements for software they have deployed. The survey further reveals these same IT executives believe their companies are ill-prepared for a software license compliance audit. Citing insufficient software discovery capabilities and manual license tracking processes, IT organizations are left exposed to painful outside audit risks. The research, consisting of an online survey of almost 350 respondents, was commissioned by KACE to gather data about the current state of software licensing compliance in corporate IT. The survey focused on hot-button corporate issues such as unlicensed software, license compliance processes and tools, and perceptions of the impact of software audits. The survey showed IT organizations have not taken adequate measures to

Industry-leading protection components enable optimal operational efficiencies, complete deployment choices and lowest total cost of ownership

Secure Web Protection Service is first to offer reputation-enhanced filtering and intent-based anti-malware protection

VeriSign Enterprise Security Services announced major enhancements to the VeriSign Log Management Service. The enhancements include expanded reporting capabilities, deeper correlation across log sources, and an agreement with ArcSight to integrate support for the company's Logger technology into the VeriSign service. The addition of the ArcSight solution makes VeriSign Log Management Service the first of its kind to support multiple technologies from best-of-breed providers through a fully managed solution. To protect critical information and to comply with government and industry regulations, organizations must monitor a myriad of commercial and custom applications on a variety of different platforms. Doing so is a complex, labor-intensive undertaking. The VeriSign Log Management Service allows customers to collect, analyze and store system and application logs to provide a deeper level of security monitoring as well as meet a broad array of compliance requirements, such as the Paymen

Insurers credit Skywire Software's compliance application, Tracker, for accelerating the state filings process - and helping to speed the time-to-market for new products. Since deploying Tracker, Allstate Insurance has reduced not only the time it takes to file, but also the average time required to receive DOI approval. The company's filing department is now able to submit Department of Insurance forms sent in by product development teams on average in one day, a drop from an average of five to six days prior to the deployment of Tracker. It also obtains approval for a product in all 50 states in 44 days on average. With Tracker we're able to automate the preparation and submission of state filings, said Bonnie Whittman, director of State Filings at Allstate Insurance. This has enhanced our ability to streamline the state filing process and bring new products to market quickly The insight we have gained by using Tracker to monitor the entire process also has given us great insight int

Paisley, provider of governance, risk and compliance (GRC) software solutions, announced that it is a featured exhibitor at The Institute of Internal Auditors (IIA) 2008 Financial Services Conference in Atlanta, Georgia from June 2 to 4. Recognized throughout the industry for its internal audit expertise, Paisley has helped hundreds of organizations unite internal audit processes with other GRC disciplines -- including financial controls management, risk management and compliance.

Tizor Systems, provider of enterprise database monitoring and protection solutions for the data center, announced that it has joined CAs Technology Partner Program. CA, one of the worlds largest independent software companies, provides software solutions to unify and simplify IT management and secure IT environments, The partnership will include integration between Tizors Mantra database auditing solutions and CA Security Information Management (SIM) solution, including CA Security Command Center which aggregates, correlates and prioritizes security events. The relationship was formed in response to the market need for integrated solutions that provide a comprehensive data security and regulatory compliance approach that is both easy to use and scalable enough for large business organizations. Through this collaboration, CA and Tizor will streamline the discovery, management and protection of sensitive data for enterprises across a variety of industries.

Voltage Security and Websense to Integrate Market-Leading Encryption and Data Loss Prevention Solutions

he U. S. General Services Administration (GSA) has invited interested parties to compete for a project to replace the agencys Billing and Accounts Receivable (BAAR) system. GSAs Office of the Chief Financial Officer (OCFO) also posted a Request for Quotation (RFQ) on the agencys eBuy web site for a 45-day period. Solicitations and/or questions related to the RFQ may be submitted through 2 PM June 12, 2008. The RFQ is for a base period of three years and one two-year option period. Once in place, the new BAAR system will facilitate easier upgrades of government rules and guidelines, support new technologies that eliminate manual processes, meet increasing security requirements, and support GSAs financial management enterprise architecture.

Securify announced the results of a new survey that confirms that auditors are increasingly asking the majority of public companies for more proof of monitoring user behaviors on the network. The survey of over 330 public companies, including detailed responses from over 100 companies, also showed that over 60 percent of companies surveyed had either already outsourced some network security to Managed Security Services Providers (MSSPs) or would considering doing so for identity-based monitoring. A good solution match for MSSP providers, Identity-based monitoring can help mitigate insider risk, a challenge which is difficult to achieve in a standardized way with existing IT resources. Insider threats have been at the forefront of recent breaches, even for companies that are in compliance with industry regulations like PCI.

Ounce Labs announced ITWorx, a professional IT services firm focusing on IT solutions development for Global 2000 companies, has implemented the company's automated source code analysis solution to provide its worldwide customers with the most secure software. ITWorx is using Ounce Labs' solution as it builds security into its software development life cycle, delivering products that can withstand ever-changing security requirements. While outsourcing application development -- including Web applications -- provides cost savings, organizations have begun to consider and manage the additional risks associated with this model. Delivering more than 300 applications each year, ITWorx allows its customers to focus on their core business rather than on software development. Through the use of Ounce Labs' automated source code analysis solution, ITWorx is able to maintain a competitive advantage in the marketplace by delivering applications that not only meet their customers' business require

Trintech Group, provider of integrated financial governance, transaction risk management, and compliance solutions, announced that it has been named a Cool Vendor in the Gartner report titled Cool Vendors in Compliance and Risk Management, 2008, published on April 24, 2008. Trintech was included in the report by Gartner analyst John E. Van Decker, et al. The report asserts firms that are focusing their GRC efforts on the office of finance and want to bring in more innovative approaches to financial governance should consider best-of-breed applications and ERP offerings in this emerging market.

Shavlik Technologies announced that the companys security products have been included in a multi-year contract under the NASA Solutions for Enterprise-Wide Procurement (SEWP IV) Program. This Government-Wide Acquisition Contract makes Shavliks full security solution suite available to Federal Government customers who need to fully comply with new FISMA reporting requirements from the US Federal Government. The Shavlik Security Suite leverages the Security Content Automation Protocol (SCAP), which uses specific standards to simplify and automate vulnerability management, measurement, and policy compliance evaluations. Two components of the Shavlik Security Suite, NetChk Protect for vulnerability management, and NetChk Compliance for security configuration management, are already SCAP compliant to support government initiatives for standards-based security automation.

SCIPP International, a global non-profit organization dedicated to providing world-class security awareness training and certification services, today announced it has realigned its Generally Accepted Practices (SCIPP GAP) to cover relevant end-user security awareness topics found in the International Organization for Standardizations (ISO) Standard 27001. ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organizations overall business risks. The SCIPP GAP was revised to cover end-user security awareness topics found in ISO 27001 to complement existing content derived from the US Department of Homeland Securitys IT Security Essential Body of Knowledge (DHS EBK); (ISC)2s Certified Information Systems Security Professional (CISSP) CBK, a compendium of information security topics; and ISACAs Certified Information Security Man

Modulo has announced that GreenStone Farm Credit Services (GSFCS) has selected Modulo Risk Manager solution to automate its regulatory compliance. In response to detailed requirements from the Internal Audit department, GSFCS -- Michigan's largest agricultural lender, with several locations in Wisconsin -- was looking for an efficient way to conduct its risk assessment. By leveraging the capabilities of Modulo Risk Manager, the association gained the ability to reduce the cost of ongoing risk assessments. As a $4.5 billion organization of 17,000 members with 37 branches throughout Michigan and Wisconsin, GSFCS is now able to exert effective oversight and transparency of its component processes.

Prism Microsystems, provider of integrated Event Log Management and Change Management solutions for defense in-depth, announced that its Security Information and Event Management (SIEM) solution, EventTracker, has been included in the Department of Navy's Application and Database Management System (DADMS). The DADMS is an authoritative list of software applications that are approved for use in all Navy and Marine Corps information technology systems. As the only SIEM solution that is capable of monitoring real-time log data from Solaris BSM systems that are widely used in government agencies, EventTracker was examined and included in the list because of its feature-heavy offering that met the criteria of the Navy's application reduction initiative. EventTracker is already in use at the U.S Navy, Army and Department of Defense and helps these agencies protect their IT assets from a variety of security vulnerabilities while ensuring compliance with regulatory mandates.

Regulatory compliance requires companies to have security policies that state they will protect the confidentiality, privacy, integrity and availability of their systems, asset data, and customers. According to the security experts at EnterEdge Technology, inventors of the advanced InterSOC solution for total enterprise security management and rapid security threat identification, the challenge is that the event data derived from security, network and system devices isn't delivered in formats that speak this same policy compliance language. As a result, the data produced by typical security solutions offers no solid way to prove or measure performance in terms that match a company's compliance policies. The average security device produces thousands to millions of events a day and new vulnerabilities are continuously being discovered. The pure volume of data produced by today's complex infrastructure environments -- from IDS, firewalls and system logs to proprietary applications, opera

nCircle, provider of agentless security risk and compliance management solutions, announced the release of nine new configuration policies certified by the Center for Internet Security (CIS). The new policies are included in nCircle Configuration Compliance Manager(CCM), and extend nCircle's coverage of common operating system and platform configurations. The policies help enterprises benchmark the configuration state of their critical systems based on CIS standards, and enable proactive compliance monitoring and alerting. nCircle CCM automates configuration auditing and compliance processes including file integrity monitoring, providing visibility into system configurations and the compliance impact of changes to servers, workstations and network infrastructure devices. Uniquely using agentless technology, CCM enables enterprises to audit the configurations of more types of devices, operating systems, and applications than any competing solution.

Proginet Corporation, developer of enterprise software for advanced managed file transfer and security applications, today announced a new partnership agreement with Intelligent Decisions, a systems integrator and IT solution provider to the Federal Government. Under the terms of the agreement, Intelligent Decisions will market CyberFusion Integration Suite (CFI), Proginet's flagship solution for advanced managed file transfer, to its customer base which is comprised of commercial enterprises and many of the largest federal agencies within the U.S. Government. Intelligent Decisions is a significant player in the federal marketplace, stated Kevin Bohan, Proginet's Chief Information Officer. With over 20 years of experience solving the governments most daunting IT challenges, Intelligent Decisions ensures that defense, intelligence, and civilian agencies can address their technology requirements. Having a partner of such stature bringing us into deals with large federal customers could

DigitalStakeout announced that it has agreed to an original equipment manufacturing (OEM) agreement with Support Intelligence. As part of this agreement, DigitalStakeout has developed an integrated appliance with Threat Aware for the Support Intelligence IP Query and React Services. We are excited to join in partnership with DigitalStakeout to deliver the most advanced and comprehensive real-time threat monitoring and security event management, said Rick Wesson, CEO of Support Intelligence. Historical defense-in-depth frameworks are inward-looking and can easily miss threats. The integration and correlation of Support Intelligence's global threat intelligence with DigitalStakeout's best-in-class SIEM lets enterprise and public sector organizations re-think their business-centric security mission challenge and transform their security posture to provide 'defense in dimension' in a truly comprehensive and holistic way.

Compliance Coach, a provider of automated regulatory compliance solutions to the financial services industry, announced that it has identified 23 new identity theft red flags and has updated its software, CompliancePal (http://www.compliancepal.com). CompliancePal is the industrys first software solution to enable compliance with the FACT Act Identity Theft Red Flags Rule. The Federal regulation imposes new responsibilities on businesses to prevent consumer identity theft. The impact is broad and the rule affects every single bank, credit union, mortgage lender, auto dealer, credit card lender, payday lender, landlord, utility company, phone company, and any consumer or small business lender in the country.

Grupo Gesfor and Ounce Labs announced a global alliance partnership to provide Ounce Lab's application security solutions throughout Spain and Latin America. Grupo Gesfor will provide marketing, sales, and implementation support to companies in these regions interested in Ounce Labs' leading source code analysis solution that addresses the increasing risks insecure software poses to their brands and ongoing operations. Grupo Gesfor has a proven track in working with best of breed IT security solutions and implementing software security tools. Grupo Gesfor will work with Ounce Labs to expand its presence in Latin America and Spain by working closely with the company and its subsidiaries in countries including Argentina, Brazil, Chile, Colombia, Panama, Peru, Mexico and Venezuela to manage their customer's application risk by identifying and remediating security issues caused by software security vulnerabilities.

AlterPoint announced the release of advanced network security and compliance capabilities for NetworkAuthority, its flagship open network management solution, which will help customers automatically discover, prioritise and remediate network vulnerabilities and compliance policy violations as they occur. As a result, enterprises will be able to reduce the time, cost and level of expertise required to keep complex, multi-vendor networks audit-ready and secure against constantly evolving threats. As the complexity of managing network security continues to increase, our customers are looking for a more efficient and cost-effective alternative to manual management processes, said Roddy MacLennan, sales director at Devoteam UK. We recommend adoption of an automated management solution that enforces security and compliance policies and eliminates the need to manage configurations at the device level.

Skybox Security announces the fourth-generation of its security risk management software platform. Over 125 of the world's largest companies have adopted Skybox's unique combination of analytics and automation. With Skybox View organizations can accurately pinpoint and prioritize areas of high risk and predict compliance exposures in just minutes.

IPv6 readiness and virtualization management proved to be key issues in the second annual Federal IT Trends Survey, conducted by IT management solutions provider ScienceLogic. Administered at FOSE 2008, over 100 federal agency IT managers, systems administrators and network engineers were polled on various topics within federal IT, including Green IT solutions, virtualization and FISMA compliance. Surprisingly, only 65 percent of agency IT personnel surveyed say that IPv6 is important to their operations - making this issue second to last on the list of priorities covered by the survey. Last year, an equal number of respondents, 1 in 5, said that their agencies would and would not meet the June 2008 mandate for IPv6. This year, the numbers went up, 1 in 3, but the respondents remain equally split on whether or not their agencies will meet the mandate.

lterPoint announced it will debut advanced network security and compliance capabilities for NetworkAuthority, its flagship open network management solution, at Infosecurity Europe 2008, taking place 22-24 April at the Olympia Grand Hall in London, UK. NetworkAuthority's open network model enables businesses to create and maintain a comprehensive inventory of all network assets, including hardware, software and configuration data. The product combines policy-based management and advanced network analytics to provide deep visibility into the performance, compliance and security posture of complex networks ' enabling customers to reconcile strategic business decisions with real-time operational data.

Orchestria has announced that its Intelligent Compliance Suite has been deployed for full-service brokerage and investment banking firm Scott & Stringfellow, a subsidiary of BB&T Corporation. Orchestria's policy-based Intelligent Compliance software is employed to analyze all electronic communication channels in support of SEC, FINRA, and company governance priorities. Scott & Stringfellow has also chosen to implement Orchestria's desktop and server agents throughout its organization.

Research and Markets has announced the addition of EthicsPoint: Transforming Compliance into Business Process ROI to their offering. Portland, Oregon-based SaaS service provider EthicsPoint focuses on turning ethical and compliance issues into business practices that reach beyond HR and corporate attorneys offices to support actions and provide benefits throughout the organization. Founded in 1999, EthicsPoint focuses on highly regulated industries such as banking and financial, mining, health care, pharmaceuticals, retail, manufacturing, and transportation.

Tenable Network Security Tenable Network Security is the leader in unified security monitoring. Tenable provides agentless solutions for continuous monitoring of vulnerabilities, configurations, sensitive data detection, log analysis and compromise detection. Tenable's award-winning products are utilized by many Global 2000 organizations and Government agencies to proactively minimize network risk. For more information, please visit http://www.tenablesecurity.com or email sales@tenablesecurity.com. Contact Information: Jack Huffard, Tenable Network Security 410-872-0555 media@tenablesecurity.com

Security solutions developer High Tower Software has released a security appliance designed to help IT personnel in smaller organizations mitigate network security risks and better manage regulatory compliance. Called Cinxi Express, the new product is a Security Information Event Manager (SIEM) that collects log data from network devices, applications and users, analyzes the information to assess potential security and compliance threats, and alerts personnel when risks are detected. Like High Tower's enterprise-class Cinxi SIEM solutions, Cinxi Express delivers a full suite of log management, threat response, compliance monitoring, and data forensics capabilities organizations need to ensure that networks are secure and operating within corporate and regulatory guidelines.

Configuresoft announced that it has enhanced its continuous compliance and security capabilities for VMware environments with support for the Center for Internet Security (CIS) VMware ESX Server Benchmark. Support for this Benchmark enables IT Operations to easily measure compliance with best practices for hardening virtual environments from a broad consensus of industry experts. Last year, at a birds-of-a-feather session at RSA, CIS and Configuresoft developed a benchmark working group and with input from more than 200 virtualization and security experts from the commercial market, federal organizations, manufacturers and the software industry created the industry's first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the world's leading security professionals.

McAfee announced the formation of a new business unit focused on IT governance, risk and compliance. The new Risk and Compliance Business Unit will focus on driving innovation and extending McAfee's lead in security risk management. Led by George Kurtz, senior vice president and general manager at McAfee, the business unit will accelerate McAfee's leadership position in the rapidly growing governance, risk and compliance market. Government regulations and corporate policies demand that businesses prove their ability to comply with IT security policies designed to minimize risk. The Risk and Compliance Business Unit will provide McAfee with a greater focus on aggressively enhancing, integrating and adding content to its current risk and compliance offerings. The company will also concentrate efforts to include tighter cross-product integration with other McAfee products.

Voltage SecureData Grows Momentum With Major Integrators and Global 2000 Companies. Leading organizations standardize on advanced cryptographic solution to foil identity theft, speed compliance efforts, protect outsourced environments and avoid public data breach disclosures.