3Com Service Assesses Vulnerabilities
Through its new TippingPoint Security Posture Assessment (SPA), launched last month, 3Com aims to provide customers with a comprehensive security evaluation that identifies network vulnerabilities and potential threats, combined with vendor-agnostic recommendations for policies, procedures and tools to eliminate weaknesses.
While 3Com will perform some of the assessments through a small team within its own staff of engineers, the vendor is providing partner training so that it can deliver the majority of its SPA deployments via top-level channel partners, with no more than 30 percent to be delivered using its own resources, said Don Ward, senior director of services and support at 3Com, Marlborough, Mass.
“We don&'t want to compete with the channel,” Ward said.
Chris Bramhall, business development manager at South Seas Data, a 3Com TippingPoint partner in Englewood, Colo., said he would prefer to deliver SPA utilizing his own staff rather than 3Com engineers. “Obviously the margins are better if our own people are doing the project and we don&'t have to pass money through several hands,” he said.
Bramhall said details from 3Com thus far have been light as to how it plans to roll the service out to partners, but he expects to learn more at the TippingPoint VAR council meeting in Austin, Texas, later this month.
The new SPA service should be particularly appealing to South Seas Data&'s enterprise customers, many of whom are struggling with regulatory compliance issues, Bramhall said.
Ward agreed that the service initially would be of greatest interest to enterprise customers, adding that 3Com also expects to see a huge opportunity for SPA within midsize customers with 200 to 500 users.
A typical SPA deployment runs in two phases: a three-day engineering review followed by a three-day data collection, collaboration and reporting phase.
During the first phase, engineers utilize tools developed by 3Com&'s TippingPoint security division to identify security problems and weaknesses by performing network mapping, security scans, password cracking, blended attacks and penetration testing to determine the network&'s level of vulnerability.
The end result is a final assessment report that includes detailed test findings, expert analysis and recommendations for ways to address identified problems.
The average enterprise-level SPA deployment is priced from $6,000 to $8,000, Ward said.