Security Company Uses Google To Help Find VulnerabilitiesSecurity Company Uses Google To Help Find Vulnerabilities

Malicious hackers have long used Google to find vulnerable systems to exploit. Now, IT managers can use Google's enterprise search products to identify and patch those systems.

Security software maker Secure Elements on Tuesday joined the Google Enterprise Professional program, a partner program that makes it easier for developers, consultants, and independent software vendors to extend Google's enterprise products. The Herndon, VA-based company has done just that by bringing the capabilities of its C5 Enterprise Vulnerability Management Suite to Google's hardware.

The company's C5 Insight software, a version of its C5 suite, runs on a Web server in conjunction with the Google Search Appliance to index and search security settings, configuration files, and other security-related infrastructure across an organization's network. It allows IT managers to query for network vulnerabilities or possible compliance problems and receive relevant search results immediately, thanks to the index created by Google's search hardware.

The ability to rapidly search for network vulnerabilities can help provide efficient risk mitigation. That's because cyber threats tend to be most dangerous during the "vulnerability window" -- the time between the appearance of an exploit and the deployment of a defensive signature or patch,

Marcus Sachs, former White House IT security expert and now a deputy director in the Computer Science Laboratory at SRI International, calls Secure Elements' approach "ingenious" and observes that it will enable organizations to "use search technology to make things better."

"It should make the security manager's life a whole lot easier," Sachs says.