ThreatGuard Inc.


The ThreatGuard security management solutions enable organizations to quantify and manage their risks in ways not available until now. With the development of a series of Java-based solutions, ThreatGuard's products allow users to gain insight into the security stance of an enterprise. From UNIX-based servers to Microsoft-based desktops, from PDAs to distributed computing environments, the security of a corporation can be defined and evaluated from one desktop.

ThreatBox Industry Differentiators

Ease of use

Clients and evaluators have repeatedly commented on how easy the ThreatBox is to set up, integrate, and start using effectively. Major competitors require formal training or hours of reading documentation to get started. ThreatBox configuration is very simple, and the gathered data is organized in a sensible and intuitive manner. This allows a user with average networking skills to use the tool out of the box.

Continuous Vulnerability Scanning

Rather than perform its tasks a single time and halt, the ThreatBox constantly re-checks the IP address ranges it has been assigned, keeping track of changes, new machines, new vulnerabilities, and patched vulnerabilities... and even tracking machines if they move from one network to another. Major competitors will, at best, perform a continuous host discovery. However, normal operations in competing products include only a once-and-done scan.

Real-time Alerts

"Real-time alerts" is typically a feature of Intrusion Detection/Prevention Systems. The concept of being notified of new vulnerabilities on the network within moments of being introduced is new to the industry. New vulnerabilities can be introduced by powering up a new computer on the network, by reconfiguring or upgrading an existing computer, or by a new vulnerability test being downloaded and installed. The system can be configured to notify the network administrator the moment the new vulnerability is detected.

Comprehensive Backdoor Discovery

Competing scanners focus on “high priority” ports, well-known ports on which services are commonly established. Knowing there are only a few hundred well-known UDP and TCP ports respectively, a hacker will typically set up a backdoor on any one of the other 65,000+ ports. Scanners typically forego the full scan due to time constraints. Patent-pending technology allows the ThreatBox to scan all 130,070 TCP and UDP ports in minutes instead of days. So, those backdoor services camped out on your obscure ephemeral ports will be found.

Hierarchical Enterprise Coverage

Multiple ThreatBoxes can be tied together with a designated "Master" acting as a central controller over the others. This allows centralized security posture reporting across a large enterprise while still keeping sub-network administrators focused on the problems in their respective areas.

Automated Updating

Many competing products have failed to adopt the 'anti-virus' approach to keeping vulnerability signatures up to date. Since new vulnerabilities are announced on a daily basis, networks need to be scanned continuously to ensure the latest vulnerabilities are surfaced. It follows that the scanner needs to run the latest tests to assess the latest vulnerability. Automated Updating makes this concept a reality.

Workflow Management

Competing products have gone so far as to point out a myriad of problems on the target network. However, knowledge of a problem without a plan to resolve it quickly leads to frustration and apathy. ThreatBox, on the other hand, can automatically assign new vulnerabilities to specified system experts. Automatic escalation ensures that supervisors and/or backup technicians are made aware of issues that linger longer than desired.

Comprehensive, Rich Reporting

Although export options do exist, they are not required to turn the raw scan data into insightful depictions of security posture. Furthermore, the reports cover all levels of the organization, from high-level Executive Summary Reports to fully detailed Host- and Vulnerability-Level Reports that describe exactly how to fix security problems.


As a network appliance, the ThreatBox represents an ideal platform from which to deploy various complementary security products. Such products could include a training system, intrusion detection/protection system, security policy server, and many more.

Platform Independence

The ThreatBox Navigator Graphical User Interface (GUI) was implemented in Java for easy deployment to the user’s platform of choice. The product can therefore be used by Windows-centric offices, Solaris labs, and even Macintosh ‘orchards’ without introducing a foreign Operating System.

Direct OVAL Compliance

The ThreatBox has a unique ability to understand the Open Vulnerability Assessment Language (OVAL) as provided by MITRE and execute the tests against remote targets. Other OVAL assessment tools require local access to the workstation being tested, which is not a viable option for assessing an entire enterprise. Using OVAL tests directly to perform tests over the wire represents a major breakthrough in vulnerability assessment technology, as it greatly decreases the window of exposure between vulnerability discovery and vulnerability test creation.