SekChek Provides Independent “Reality Check” Of Operating System Security
Comparing Against Dynamically-Updated Data from Over 30,000 Systems in 90 Countries, Company’s Security Service Provides Quick, Thorough Evaluation of Any Host Operating System
CHARLOTTE, NC – (June 20th, 2006) – For most IT departments, one of the most difficult questions to answer is, “How secure is our computer environment?” Difficult not because of the lack of information…but because it begs the question, “Compared to what?”
Independent, objective, and reliable evaluation of a company’s computer security is the key deliverable of SekChek®. Used by hundreds of corporations around the world, SekChek’s automated analysis quickly determines how a company’s security controls stack up against similar deployments—not in theory, but using current, real-world data.
Founded in 1996 by two IT security specialists from a Big Four accounting firm, SekChek has become a respected resource among internal IT auditors, IT systems administrators, Chief Security Officers and security service providers. The service provides a complete—not sample-based—review of host operating system security controls, analyzing every security object on the system including users, groups, and profiles. A detailed report is typically provided within 6 – 8 hours, and guaranteed within 24 hours.
“Unlike packaged security software, SekChek provides a systems ‘reality check’ based on real-world benchmarks that are continually updated,” said Andrew Chodelski, vice president of marketing for SekChek. “Many of the world’s most demanding clients depend on us, not only for comparisons but also for input into security best practices.”
SekChek does not sell software. It provides its security assessments as a subscription-based service, using proprietary extraction technology to obtain security details from the enterprise’s host operating system. Any kind of OS can be analyzed—AS/400, Windows NT/2000/2003/XP, NetWare 4.x, 5.x, 6.x and all flavors of UNIX.
Once SekChek’s extraction software performs its work, the data is encrypted and transmitted to SekChek for processing. The resulting analyses are compared to SekChek’s unique database of summarized security data covering 30,000 discrete systems in 90 countries around the world. The security data, which has been cleansed to remove any trace of its corporate origins, is stratified according to operating platform, industry category, country of origin, and number of users. A rolling system of updates assures that the unique database information is continually up to date and relevant.
These comparisons against actual give immediate feedback on how well a system’s security stacks up against similar ones in the real world. Reports are generated in the subscriber’s choice of Microsoft Word, Excel or Access formats, and findings can be interpreted according to a wide range of metrics: all industries, specific industry, internationally recognized best practices, or the company’s own security policy and standards.
To substantiate security improvements for Sarbanes-Oxley reporting, SekChek presents unique time-based comparative analyses in a trend graph format. What’s more, because SekChek reports can compare internal data over time, they are useful for spotting anomalies consistent with tampering by current or former employees.
Subscriptions to SekChek cover any combination of services and operating system platforms. Pricing is set on a sliding scale and there is no time limitation on SekChek security checks. For more information about the SekChek security evaluation service, visit www.sekchek.com.