Applications at Capital IQ, a financial-information division of Standard & Poor's, are tightly integrated across disparate operating systems, connecting business processes in order to provide the best advice to corporate clients. "App security was always a tough thing to get a handle on," says Ken Pfeil, chief security officer at Capital IQ.
After trying other products, Pfeil recently got an early version of security software that seems to do many tasks that previous products couldn't. NT Objectives Inc. last week unleashed its NTOSpider software for automated application-vulnerability assessment. "Other products weren't cutting it for our complex apps," Pfeil says.
Automated app-vulnerability software let Capital IQ cut worker hours, Pfeil says.
In the case of Capital IQ, "we're securing the application about 20% faster than we have in the past, and this has cut approximately 20 man hours on a biweekly basis for code-review testing," Pfeil says. In other words, NT Objectives has reduced Pfeil's total worker hours by a third.
Pfeil also credits NTOSpider with advantages over the competition: finding missed vulnerabilities, letting users open multiple reports at the same time and reuse templates, and organizing data for management to read.
Too many customers update their application infrastructures with no idea how upgrades, new components, and off-the-shelf products contribute to complexity, says Peter Lindstrom, an analyst at security market-research firm Spire Security. "And that breeds insecurity," he says. NTOSpider helps customers build resource maps of all the components added to an application, he says, which helps them design the app infrastructure from a security perspective.