Product and Service Overview
What is SekChek?
SekChek® is a family of automated security audit and benchmarking tools. It measures computer security against leading international security practices and real-life averages by industry sector.
- Comprehensive reporting on system-based security controls, not sample-based
- An independent assessment of security against international standards
- Benchmarking against 50 million security measurements and industry averages for security compiled from 80,000 systems in 140 countries
- Minimal client intervention and technical expertise are required
- No need to purchase and maintain expensive software; pay per use
- Guaranteed 24-hour turnaround time
The tool produces an easy-to-read report in both text and graphical format, which highlights deviations from industry averages and leading international practices for security.
It also details security exposures and their implications, and prioritises recommended actions to correct deficiencies.
SekChek also permits you to substitute your own internal security standards as benchmarks.
How will this tool benefit my organisation?
SekChek reports help security administrators, IS managers, consultants and audit personnel to quickly identify problem areas and compare their security settings against leading practices and real-world averages.
A SekChek summary report alerts management to overall exposure from potential computer system security and network weaknesses. The summary also prioritises corrective recommendations.
A multi-page, detailed report for audit, QA and IS staff indicates:
- Identified security weaknesses
- Security implications of each identified weakness
- A risk rating of low to high
- Recommended actions to correct any weaknesses
Reports provide comparative analyses by benchmarking your system against other organisations within your industry sector, enabling you to adjust your security settings according to industry practices.
When should I use the tool?
SekChek is a security assessment tool well suited to the following applications:
- Performing the information security part of an audit’s General Controls Review (GCR);
- Highlighting deviations from generally accepted international security standards;
- Detailing security exposures and their implications;
- Prioritising recommended actions to correct deficiencies;
- Conducting tests of controls and evaluating effectiveness;
- Measuring whether security has strengthened or weakened since the previous analysis.
One of SekChek’s exciting features is its ability to quickly highlight changes in security.
The tool can provide you with a collection of easy-to-read reports in a familiar format containing visual indicators of:
- Whether security has improved or weakened since your previous analysis
- The effectiveness of your measures to strengthen controls
- Whether risk is increasing or decreasing
- The degree of change, both positive and negative
The benefits and applications are numerous: savings in time and cost; increased objectivity; easier monitoring of your compliance with legislation and statutory requirements; and the ability to present more powerful and convincing arguments to senior, non-technical management.
Other indicators for using the tool?
SekChek is equally cost-effective at performing security assessments in the following circumstances:
- To evidence successful implementation of new organisational Computer Security Policies
- To review compliance with recommended security practices issued by government regulators and legislation, such as SOX and HIPAA
- To confirm expected/mandated security measures are reinstated after significant IT upgrades
- To compare consistency of company-wide security practices to corporate security benchmarks.
How does the tool work?
SekChek runs on all versions of OS/400 (iSeries), Microsoft Windows, Active Directory, all UNIX variants (e.g. AIX, HP-UX, Solaris, SCO, OSF, Linux, Red Hat) and Novell / NetWare.
Security data is scanned on the target system, encrypted and sent to the SekChek team for processing.
The SekChek operation processes the extracted data offline and generates comprehensive reports, both summary and detailed, in standard word processor format.
Your report is securely encrypted and promptly returned to you.
Reports detail prioritised recommendations to help mitigate logical security exposure risks. SekChek guarantees a 24-hour report turnaround time.
SekChek processing is completely secure, ensuring uncompromised confidentiality of client data.
What impact will SekChek have on my system?
From the very outset SekChek was designed to be non-intrusive, make zero changes to the target system, and leave no trace behind after the Scan process has completed.
Unlike most products, there is no requirement to set up or install SekChek on the target system and no dependence on software agents.
What are the most common platforms analysed by SekChek?
This comparison represents the proportion of system platforms reviewed by SekChek from 1997 to 2015.
UNIX comprises all of the popular variants including AIX, HP-UX, Linux, OSF, Red Hat, Solaris and SCO.
This analysis is based on over 80,000 security reviews performed on client systems during this period.
What are the limitations of SekChek?
- SekChek analyses security at the OS level; i.e. it does not analyse security at the application level
- It does not support large mainframe environments
- Reports are available in English only
- Reduced benefit where a third-party security product is installed using proprietary security files
In which countries is SekChek used most frequently?
This regional comparison shows the distribution of SekChek usage from 1997 to 2015.
The distribution has been greatly influenced by the rate of adoption of SekChek by audit firms and their clients throughout the world.
In other cases, large multinational clients have successfully used the tool to centralise security reviews of systems located at their overseas offices and subsidiaries.
The chart represents more than 80,000 security reviews performed on client systems in 140 countries.
How does SekChek compare against industry averages for security?
This comparison shows the distribution of SekChek reviews across some of the major industries where SekChek has been used.
A unique statistics database permits SekChek to calculate real/actual industry averages for security.
As new reviews are processed, summaries of the results (excluding client identification) are automatically added to a dynamic database of over 80,000 assessments.
How do I obtain the tool?
You can download the SekChek software at no charge, or write to us for more information.
How does the subscription payment plan work?
The most convenient and cost effective way to use SekChek is through a subscription account. The pricing structure is very simple and the more SekChek units you subscribe to, the less each review costs.
Prices are consistent across the entire SekChek service range (OS/400, Microsoft Windows, Active Directory, UNIX and Novell / NetWare), so you only need purchase one subscription. You are free to choose and mix different SekChek services in the same subscription.
Once your subscription is confirmed you just send us your security files for processing any time you are ready. At the end of each month we will send you a statement indicating your usage of SekChek and we will issue a reminder just before your subscription is consumed.
Subscriptions have no time limits and unused units never expire.