Responsibility for IT security is a difficult role in most companies, and one that continually presents new challenges. Cyber criminals use more sophisticated methods every day, and the regulatory compliance burden continues to increase. eEye Digital Security today delivered a centralized, end-to-end vulnerability and compliance management solution to help ease that burden.

"The average IT person working in the trenches trying to get things done--that's who we're trying to help," said Marc Maiffret, co-founder and CTO of eEye.

"We know stuff like regulatory compliance is really important," he added. "Most of these people are spending about 50 percent of their time just to try to meet regulations. That's not really leaving a lot of time to pursue all the security initiatives that could really help you at the end of the day, not to mention working on other IT projects. It means they have a lot of things they know they need to do with security, but they end up leaving it to go by the wayside. People should not have to spend 50 percent of their time just to do that."

Maiffret referred to numbers from the eEye 2011 Vulnerability Management Trends Research Report, also released today. The report—based on a survey of 1,963 C-level executives and managers, along with conversations with customers, prospects and analysts—found that regulatory compliance is demanding as much as 50 percent of IT security teams' work weeks. The report also found that 60 percent of respondents' organizations have unpatched vulnerabilities in up to 25 percent of their applications. In addition, 31 percent of respondents reported that they did not have enough personnel to patch vulnerabilities.

"Our enterprise and government agency customers deploy hundreds of applications across thousands of on-premise, remote and mobile computing endpoints," Maiffret said. "To keep ahead of vulnerabilities and compliance issues, they need solutions that automate the entire vulnerability management cycle."

eEye's solution is the Retina CS 2.0 Management Console, an update to Retina CS that provides a fully integrated Web-based security console with centralized vulnerability management. It features smart alerting, rules and groups intended to simplify vulnerability management across multiple assets and locations. It's also packaged with a new smart reporting engine.

In addition, it features add-on modules for configuration compliance, regulatory reporting and patch management.

The regulatory reporting packs include compliance reports that map vulnerability and configuration audits for PCI, HIPAA, SOX, GLBA, NIST, FERC/NERC, MASS 201, ISO, COBiT and ITIL.

The configuration compliance module allows IT to define and manage enterprise-wide security policies through drag-and-drop functionality.

Finally, the patch management module provides integrated, automated and agentless Windows patch management. It integrates information from the regulatory reporting packs and configuration compliance module to allow the user to prioritize patch management based on risk profile. Maiffret noted that the patch management module will support third-party patches by the middle of next year.

"Some organizations might already have something that they're doing with patches or something they're already doing with configuration compliance," Maiffret said. "That's why each piece is modular."

He added, "This release for us is really our first step in the process of automating vulnerability management."

Thor Olavsrud is a contributor to eSecurityPlanet.com and a former senior editor at InternetNews.com. He covers operating systems, standards and security, among other technologies.