Hercules 2.0 from Citadel Security Software extends the automated vulnerability remediation and security policy compliance features of the software by offering greater user control and flexibility.

The latest version offers security administrators a list of sequential actions that Hercules will take to remedy specific vulnerabilities. Administrators approve or revise as they see fit.

New scheduling features allow administrators to control when vulnerabilities are resolved, through options for schedule time, date and reboot notification. A "remediation on demand" feature enables resolutions to be applied to zero-day exploits, ones happening for the first time.

Improved rollback features allow configuration changes, patches and system settings to be rolled back after being applied if they cause unexpected problems. A patch installation feature includes compliance checks and patch validation across Microsoft IE, SQL Server and Office applications, as well as across the Apache open source Web server.

Operating system support has been extended beyond Windows to Sun Solaris and Red Hat Linux. New multi-tier architecture support allows administrators to control multiple Hercules servers from a single console. Improved flexibility features enable devices to be grouped logically by department, function or geography.

Remediation policy tools allow vulnerability remediation to be disabled when not approved for certain networks, and allow overrides to be defined.

Hercules 2.0 is priced at $995 per server and $128 per workstation with discounts based on volume. Typical deal sizes for the company range from $100,000 to $1 million.

The most common vulnerabilities found by Hercules, said Citadel chief technology officer Carl Banzhof, relate to software defects such as unsecured accounts, misconfigurations, back doors and unnecessary services being available. They make up 20% to 30% of all discovered vulnerabilities.

"Patch tools don't deal with them. Administrators are forced to deal with them manually," he said.