Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

R E V I E W

VA Scanners Pinpoint Your Weak Spots

June 26, 2003
By Kevin Novak

>> continued from previous page

Foundstone Enterprise and FoundScan Engine 2.6

	Issue TOC
	Print full article
	Print this page
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Wants & Needs
	Foundstone Enterprise and FoundScan Engine 2.6
	Qualys QualysGuard Intranet Scanner
	Harris Corp. STAT Scanner Professional Edition 5
	eEye Digital Security Retina Network Security Scanner
	Vigilante.com SecureScan NX 2.6.50
	SAINT 4.3
	nCircle Network Security IP360 Vulnerability Management System 5.3
	Other Products Reviewed
	How We Tested
	Web Links
	Report Card

FoundScan was one of the most polished products we tested. Its management interface is clean, understandable and relatively stable, though we did lock up several times during invasive scans. We especially liked being able to restrict user access, allowing multiple levels of administrative control. This feature fits well with a product that also offers a ticketing system for remediation of identified vulnerabilities.

Although Foundstone didn't offer much in the way of data export, its HTML reports were clean, relatively easy to understand and could be sorted in a variety of ways, letting administrators efficiently view reports. Furthermore, because the scanner writes directly to a Microsoft SQL Server, organizations can build their own reports by directly accessing the system's databases.

What this product lacks in reporting it makes up for with its remediation ticketing system, which lets enterprises share the "vulnerability joy" among network and security administrators. The only other product we saw with this type of system was eEye's Retina. Unfortunately, these ticket systems don't integrate with other helpdesk/trouble-ticket software.

Foundstone allows a great deal of flexibility for tuning performance. VA administrators can change the total number of concurrent threads, the overall scan acceleration, the packet interval and the total number of scan objects allowed. Although we found the defaults solid for the test group we were scanning, performance can be adjusted to scan a larger test group more efficiently.

Foundstone's vulnerability database exceeds 2,000 entries, but it detected only about 50 percent of our vulnerabilities. Unfortunately, the 50 percent mark wasn't all that shabby compared with its rivals: No product came close to detecting all the vulnerabilities.

As a side note, similar to other products on the market, Foundstone has preconfigured several scanning templates for one purpose or another. The "safe scan" template is intended to prevent target system outages during scanning. Unfortunately, we did encounter outages with NetWare using the "safe scan." In fact, Foundstone's Web crawler feature caused that outage. Fear not, though: Novell has a patch for that DoS. The key to remember here is that no automated scanner is completely safe; caution should always be used.

Overall, we felt that Foundstone offers a substantial bang for the buck. With any luck, the next release will take care of some of the reporting shortfalls, stabilize the system during invasive tests, maybe even integrate the two separate management interfaces into one complete front end. We'd also like to see more integration with an organization's asset-classification effort. When asset classification is calculated with vulnerability severity, an enterprise can better direct its resources to the areas that need the most protection, and these are features Foundstone identified on its road map.

Foundstone Enterprise with FoundScan Engine 2.6, starts at $15,000. Foundstone, (877) 91-FOUND, (949) 297-5600. www.foundstone.com