SekChek Provides Independent Reality Check of OS Security

By | June 27, 2006

Comparing Against Dynamically-Updated Data from Over 30,000 Systems in 85 Countries, Company´s Service Provides Quick, Thorough Evaluation of Any Host Operating System.

For most IT departments, one of the most difficult questions to answer is, “How secure is our computer environment?” Difficult not because of the lack of information…but because it begs the question, “Compared to what?”

Independent, objective, and reliable evaluation of a company´s computer security is the key deliverable of SekChek(R). Used by hundreds of corporations around the world, SekChek´s automated analysis quickly determines how a company´s security controls stack up against similar deployments–not in theory, but using current, real-world data.

Founded in 1996 by two IT security specialists from a Big Four accounting firm, SekChek has become a respected resource among internal IT auditors, IT systems administrators, Chief Security Officers and security service providers. The service provides a complete–not sample-based–review of host operating system security controls, analyzing every security object on the system including users, groups, and profiles. A detailed report is provided within 24 hours, guaranteed.

“Unlike packaged security software, SekChek provides a systems ´reality check´ based on real-world benchmarks that are continually updated,” said Andrew Chodelski, vice president of marketing for SekChek. “Many of the world´s most demanding clients depend on us, not only for comparisons but also for input into security best practices.”

Worldwide Database

SekChek does not sell software. It provides its security analysis as a subscription-based service, using proprietary extraction technology to obtain security details from the enterprise´s host operating system. Any kind of OS can be analyzed–AS/400, Windows NT/XP/2000/2003/XP, NetWare 4.x, 5.x, 6.x and all flavors of UNIX.

Once SekChek´s extraction software performs its work, the data is encrypted and transmitted to SekChek for processing. The resulting analyses are compared to SekChek´s unique database of summarized security data covering 30,000 discrete systems in 85 countries around the world. The security data, which has been cleansed to remove any trace of its corporate origins, is stratified according to operating platform, industry category, country of origin, and number of users. A rolling system of updates assures that the unique database information is continually up to date and relevant.

Reports are generated in the subscriber´s choice of Microsoft Word, Excel or Access formats. Findings can be interpreted according to a wide range of metrics: all industries, specific industry, internationally recognized best practices, or the company´s own security policy and standards. Unique time-based comparative analyses are presented in a trend graph format that can be used to substantiate security improvements for Sarbanes-Oxley reporting. Because SekChek reports can compare internal data over time, they are also useful for spotting anomalies consistent with tampering by current or former employees.

Subscriptions to SekChek cover any combination of services and operating system platforms. Pricing is set on a sliding scale and there is no time limitation on SekChek security checks. For more information about the SekChek security evaluation service, visit

Leave a Reply