To evaluate the security level against the threats, you need to evaluate the risks against the IT security investment, and consider more than the sole licence cost of this investment: does it require IT staff training? How long is the deployment time? How many man-hours does it require to be implemented? Does it include paid-for functionalities that you cannot use? Does it require additional application re-configuring? Often, our clients tell us that their first problem is not to evaluate the cost, but their exact need versus their infrastructure.

Based on the feedback you get from your clients, are there more internal or external security breaches?

External security breaches can be easily covered with a well configured firewall. Internal breaches represent more and more risk, as they can be exploited from worms, spywares, viruses that are inserted into the company through e-mails, USB keys, Wi-Fi, laptops etc. Moreover, targeted attacks are increasingly common, and most often exploit internal breaches.

As we all know 99% of all successful external attacks take advantage of known vulnerabilities, misconfigured and poorly administrated systems & processes. What is less known, according to the Gartner Group, is that Organizations that implement an effective vulnerability management program will experience an 80% reduction in successful attacks (0.8% probability - Gartner September 2006).

Where do you see the current security threats your products are guarding against in 5 years from now? What kind of evolution do you expect?


Software will always contain vulnerabilities, and hackers will always do their best to exploit them. But the danger will come from the reduced time between the discovery of vulnerability and the first exploit. This will require tight integration of vulnerability management and remediation solutions, as well as on-demand scanning of systems for network access control.

What are Criston's strengths in the market? How are you building on these advantages?

For the last ten years, our expertise has been both in the Infrastructure and Security fileds. Therefore, we are a key driver of the convergence of these two areas. Today, we are the only provider delivering the following four critical services, either in one single fully integrated solution, or individually through individual modules of the complete solution: scanning missing patches, deploying patches, scanning configuration issues and fixing configuration issues.

Customers using our products can answer truly business-critical questions relating to their infrastructure and its security, such as: do I know my Infrastructure? How do I check device health before connection? How do I support mobile workers? How fast do I react to vulnerability disclosure? How do I deploy security policies? How do I secure your USB ports? and many more! Because we have developed our solutions upon one single intelligent agent technology, answering these questions and solving the issues can be done on one single console, with one single database. For our clients, this reduces deployment and costs complexity and increases the manageability of the entire solution