Security
Review
VA Scanners Pinpoint Your Weak Spots

  June 26, 2003
  By Kevin Novak



Harris Corp. STAT Scanner Professional Edition 5

Harris is on to something with STAT Scanner--it not only scans for a very wide array of vulnerabilities but also incorporates policy/registry checking and remediation. This product lets an administrator set registry, log and user policies that can be manually or automatically updated upon detection.

One area that sets STAT Scanner apart from peers is its noninvasive nature. This product doesn't offer a "safe scan," because it doesn't need one. However, this design is both an asset and a liability. Because there are no unsafe scans available, the risk of target meltdown is almost completely mitigated (we still recommend caution because we did encounter a few application issues). On the other hand, this product requires authentication for each and every target, and failure to provide it will result in a tremendous number of false positives and false negatives.

We attempted scanning without any authentication parameters on several hosts; the system simply indicated that the open port might be a Trojan. This could be a serious problem for large organizations, particularly those with varied administrative realms. This limitation hinders the ability to scan a large number of nonsimilar networks without a great deal of intervention and departmental cooperation. Although administrators can create authentication groups and assign those groups usernames and passwords, we still see this as crippling.

Finally, STAT was incapable of assessing our NetWare servers. Although STAT will attempt to assess other system types, it is best-suited for Microsoft and Unix environments.


When it comes to reporting, STAT Scanner offers the widest array of export options we've seen. Out of the box, STAT Scanner results can be exported to .MDB format, with all database tables and even a couple of query tables preformatted for Microsoft Access. There are also several reports to choose from, each of which can be exported into various formats, such as CSV, Excel, Word, Lotus and HTML.

Harris offers STAT Analyzer to complement STAT Scanner. STAT Analyzer uses Ipswitch's WhatsUp Gold for system monitoring and inventory; can execute and control Nessus Vulnerability Scanner and Harris' STAT Scanner; and can import test results from ISS' Internet Security Scanner. The result is a complete report of aggregated data from multiple scanners, likely producing a larger percentage of detected vulnerabilities than any one system alone.

STAT Scanner Professional Edition 5, as tested with a 50-node license and a one-year maintenance license, $1,995. Harris Corp., (888) 725-7828, (321) 727-9100. www.stat.harris.com

