Security Execs Look to Open Source Vulnerability Data

NORTHBROOK, IL, July 6, 2006 – System and network security administrators are now leveraging open-source communities to keep their networks secure. As sharing and collaborating online becomes more efficient, the network security industry is utilizing these communication vehicles to quickly and accurately discover and discuss new vulnerabilities.

“With so many vulnerabilities and out there, it is not reasonable to expect that one security company will know about all network security vulnerabilities,” said Brandon Buhai, COO of Beyond-IP. “That’s why we rely on a modified open source model to identify and validate the most current vulnerabilities and their associated fixes.”

Beyond-IP vulnerability assessment tools rely on data from – a centralized network security web site that relies on user-submitted information as well as consolidates information from various mailing lists and hacker channels as well as the Company’s own tools and knowledge.

As new vulnerabilities are discovered, they are submitted to Securiteam and validated before being distributed to the global IT security community. While not technically “open source,” the content is distributed at no charge to the community. For the network security community, this operates as an early warning system, giving professionals the maximum time window to correct a vulnerability before it can be exploited.

The site leverages the collective knowledgebase of all its users, allowing each fix that is posted to be validated by other active users. Real people test and revise the proposed solution until the best fix is arrived upon and distributed.

Beyond-IP and Securiteam align the overlapping self-interest of thousands of security experts by connecting them through one point of contact that shares their common purpose. The site ensures everyone receives the latest fixes, which are peer reviewed by others who are motivated by their own security, thus providing security for the entire group.

Beyond-IP also benefits by incorporating this valuable data as part of its vulnerability management solution. Beyond-IP’s Automated Scanning tools use this data to locate and expose security breaches and vulnerabilities, listing their exact location and description, complete with suggested solutions. The system is able to either simultaneously scan all pre-configured IP addresses or schedule tests for specific IP’s at specific times.

“The richness of our vulnerability data gives the entire community complete and validated information at any time. Automated Scanning gives specialists complete information about their hosts at any specific time, allowing them to better manage the security function.”

Each scan includes the widest range of security tests available today. The Automated Scanning mechanism, updated 3 times daily for new vulnerabilities, includes general security tests, specific tests for Windows 9x/NT/2000/XP/2003, UNIX, Novell, etc., and special firewall, application-level, and network router checks.

“Administrators win by effortlessly leveraging the collective knowledge of peers spanning the breadth of their field. Beyond-IP wins by being able to integrate this collective knowledge into its Automated Scanning and other enterprise-level security scanning tools,” says Buhai.

About Beyond-IP, LLC

For organizations concerned about regulatory compliance or dissatisfied with the network security audit services provided by their consulting firms, Beyond-IP provides an Automated Vulnerability Management Appliance that provides a higher quality, lower cost network vulnerability assessment and management than any other alternative. The Automated Vulnerability Management Appliances performs a security mapping of your network and simulates attacks originating from either the internal or the external network. Once the security scanning is complete, the software generates a detailed vulnerability report specifying the security breaches, along with practical solutions to fix those vulnerabilities. Beyond-IP’s solutions allow simplified measurement, monitoring and management of vulnerabilities over time. To learn more, visit

Contact for Beyond-IP, LLC

Ben Bradley