Startup Allgress made its debut Tuesday with software designed to give chief information security officers (CISOs) a view into the security and risk-compliance status of corporate networks and data resources.
The Livermore, Calif., company is unveiling Allgress Risk Intelligence, which takes in feeds of security scans, penetration tests and other data from enterprise security tools and aggregates them into a view showing where compliance is strongest or weakest. The software is intended to help CISOs prepare compliance information related to frameworks such as COBIT, NERC, PCI and HIPAA so that it can be understood by business managers.
"CISOs can have a hard time gathering up data points," says Jeff Bennett, president and COO, who co-founded the firm with CEO Gordon Shevlin. "CISOs need to up their game and be business-oriented. That way, they can maintain their effectiveness."
The Allgress software is not specifically a security information and event management (SIEM) product, though it may draw from similar sources. Rather, Allgress Risk Intelligence, which uses Microsoft SQL Server and can run on-premises or in the cloud, presents its findings about security risk and compliance as a "heat map" of the organization in terms of "revenue centers," according to Chris Armstrong, Allgress CISO and CTO.
This lets the CISO show business management how failure to achieve regulatory compliance would impact the organization "in the language that business speaks," Armstrong says.
The Allgress software, now in its fourth updated version, costs about $150,000. About 40 customers are said to be early adopters, including eBay, Bancolombia, BBVA Bancomer and HealthNet.
Founded in 2008, Allgress has about 30 employees and is funded with approximately $6 million, mainly from its founders.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.