Tenable Nessus Appliance 1.0 with Tenable Lightning 1.1
Tenable Lightning is a commercial front-end and correlation solution for the popular Nessus open-source scanner. Lightning adds some additional scanning and reporting capabilities; the ability to ticket and comment on found vulnerabilities; the ability to deploy scan sensors across the enterprise; and the integration of output generated by Nessus Scan and various network intrusion-detection systems, such as Bro, Dragon, RealSecure and Snort. By combining VAs with IDSs, enterprises can see a detailed picture of how an open vulnerability might be an active compromise within their environments.
Although we did find several enhancements to Tenable's new Nessus front end, we found drawbacks as well. For instance, administrators no longer have a real-time display of the scanner's progress, and attempting to stop an active job sent us deep into the CLI, where we had to remove the active scan file manually. There's no mistaking this is still a new product, and it requires knowledge of the back-end OS--Linux--to make things happen.
Lightning is off to a good start. With more comprehensive reporting, additional work with the ticketing interface, more granularity for user permissions and an overall more user-friendly interface, Tenable might take Nessus to bigger and better places.
Tenable Nessus Appliance 1.0, $20,000. Tenable Network Security, (410) 872-0555. www.tenablesecurity.com
BindView Corp. bv-Control for Internet Security 7.2
Bv-Control for Internet Security is only a small piece of BindView's complete bv-Control Suite, but it has a great deal of potential. The management interface, a snap-in to the Microsoft Management Console, is uncluttered and easy to understand. The application incorporates policy-compliance scanning and lets administrators fix some registry and policy vulnerabilities that appear in its reports.
Unfortunately, determining whether this product could locate all our vulnerabilities was an overwhelming task. Bv-Control reported more than 800 pages of results, but we found little evidence of CVE numbers. In fact, of the small percentage of vulnerabilities in our list (12 percent), only about half actually noted the CVE number; the other half were found by sheer grunt work.
Overall, like many of the other products we tested, bv-Control for Internet Security is strong on one front and weak on another. However, with more thorough tests and a richer reporting interface, this product would do quite well.
bv-Control for Internet Security, per IP address: $19.95; per class C subnet: $3,995; per class B subnet: $32,000; bv-Control for Internet Security requires the use of BindView RMS, which is priced at $1,995 for one nonconcurrent user. BindView Corp., (800) 813-5869, (713) 561-4000. www.bindview.com
Rapid7 NeXpose 3.0
If you can get past its retro, flashback-to-GEOS-in-the-mid-1980s look, this application has quite a bit to offer. The management interface is simple and offers many of the elements we look for in a scanner, plus a few extras, such as network monitoring/sniffing. However, it could not detect all our vulnerabilities, and it had an abnormally long hang time between starting a scan and producing results.
NeXpose's reports are clear and easy to read and can be exported to various database formats, including Oracle, Microsoft SQL and ODBC, as well as HTML, XML and text. One really helpful report created by Rapid7 is the Remediation Report, which clearly defines the steps needed to fix the vulnerabilities it detects, including the amount of time the repair should take. This product may not patch your servers automatically, but it does a fine job instructing how to do it manually. NeXpose's reports aren't very flexible about re-sorting and manipulating data, but we could have just as easily created our own reports once the data had been exported to a database.
NeXpose 3.0, one 64-IP fixed license to allow scanning of 64 specific IP addresses lists at $8,750; two fixed Class C licenses list at $40,000; prices include one year of support, upgrades and vulnerability subscriptions. Rapid7, (866) 7RAPID7, (212) 558-8700. www.rapid7.com
Beyond Security Automated Scanning Server 1.4
Beyond Security's Scanning Server was the least mature of the products we tested. The Web-based interface is difficult to work with and lacking in features; it rarely performed as expected. Simple tasks, such as initiating a scan, failed almost as often as they worked, especially when attempting to scan our entire test base (four Class C networks). Report extraction is an interesting process because the only method by which to obtain reports is via e-mail (although there is a secure e-mail option).
Scanning Server did, however, do a decent job finding the more hazardous vulnerabilities plaguing our network (35 percent overall), so it might seem an OK pick for smaller organizations--until you consider the cost. This turnkey system has a price tag of around $12,000! Beyond Security needs to beef up its product, lower its price, or both.
Automated Scanning Server 1.4, as tested, server (hardware and software), including a license to scan 100 specific IPs an unlimited number of times: $12,000. Beyond Security, (800) 801-2821, (323) 882-8286. www.beyondsecurity.com