When you find a critical security problem on your network, you naturally want to work as quickly as possible to fix it. The trouble is, an attacker often can find the problem before you do, especially if it has to do with a known vulnerability to a given device or operating system.

nCircle Network Security, Inc. this week announced a new feature for its IP360 Network Exposure Management System designed to remedy that problem. The feature enables the IP360 to communicate with attached Check Point firewalls, and have the firewalls shut down traffic to any device in which the IP360 finds a serious security vulnerability.

The IP360 is an appliance that monitors network traffic and devices, looking for changes that could result in security vulnerabilities. When it finds a vulnerability, it evaluates the risk relative to predefined policies defined by the customer.

Previously, the device would simply alert the customer to any risk it finds, and provide information on potential fixes. The new Block on Exposure feature enables IP360 to work with Check Point VPN-1/Firewall-1 software to block traffic to any device with a newly discovered exposure that is considered unacceptable according to the customer's security policy. By extension, the feature also will work with appliances from companies like Nokia that have the ''Secured by Check Point'' certification.

The IP360 can be updated as often as every day with information on new security vulnerabilities to operating systems, devices and applications. Block on Exposure can then feed off that information to give enterprises a way to keep up with the most serious new security vulnerabilities.

Block on Exposure is available as a free update to existing IP360 customers. Pricing starts at $150,000.