Cenzic, a provider of automated application security assessment and compliance solutions, has unveiled Hailstorm Enterprise ARC (Application Risk Controller), the first product to address application security assessment across the enterprise. With its intelligent dashboard, Cenzic Enterprise ARC gives companies the ability to automatically discover and inventory applications and provides a comprehensive view of application security status with a complete workflow from a central console for Information Security Managers, CIOs, CISOs, Compliance Officers, and Privacy Officers -- all through a web interface, as per the company.

With today's enterprise applications spanning departments, business units, and geographies, Cenzic Enterprise ARC gives executives visibility into application security status, helping them to identify trends, prioritize resources, and make better business decisions to bulletproof the organization's applications. In addition, Cenzic Hailstorm Enterprise ARC enables companies to automatically identify all web applications within an environment with its web application discovery tool and provides a new quantitative metric called HARM to measure vulnerability levels of applications.

Protecting web applications is becoming a major pain point for enterprises of all sizes. Whether it's a small company doing business online or a large company handling all their customer transactions, web front-ends have become a must for businesses. Due to the open nature of web sites, hackers are exploiting the same interfaces that consumers use to exploit code to steal confidential information, Intellectual Property, or transfer money illegally. According to a recent Symantec Threat Report, 59% of the total vulnerabilities relate to web applications. In a recent CSI/FBI report on security, almost 100% of respondents had some kind of web incident, with 59% of respondents citing more than ten incidents.

"Global enterprises like large financial services firms may have thousands of customer-facing applications that are vulnerable to network-borne attacks. Many of these applications were built in part long before these threats were understood," said Peter Christy, principal analyst at Internet Research Group. "Much of the security focus to date has been in providing desktop and network gateway security; however, as the attackers are increasingly criminally motivated, more and more of the attacks are happening at the application level, where the attack masquerades as a legitimate user and attempts to hijack a transaction and access information. The impact of such attacks can have serious financial impact to the organization and to the individuals whose information has been stolen. Cenzic's Enterprise ARC product significantly simplifies the task of ongoing application testing and application vulnerability management and provides these large enterprises with a valuable solution for this key aspect of business risk management."

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle (SDLC) -- whether in development, QA, or operations -- to help find and remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance executives are armed with real-time status of the enterprise and the ability to launch and test any application.

"As enterprise organizations become increasingly aware of the vulnerabilities of their web applications, security vendors need to provide breakthrough technology that will elevate both the role of the CISO and the web application security market in protecting companies against attacks," said Theresa Lanowitz of voke, Inc. "Users of application security products and services are in need of features such as intelligent dashboards which deliver CISOs true visibility of security risk assessment across the enterprise. Capabilities such as an intelligent integrated dashboard enhance communication among the enterprise stakeholders and enable overall application security and increase productivity."