Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Security
R E V I E W  
VA Scanners Pinpoint Your Weak Spots

  June 26, 2003
  By Kevin Novak


>> continued from previous page

SAINT 4.3
TOC Issue TOC
Printer Print full article
Printer Print this page
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 Wants & Needs
arrow
 Foundstone Enterprise and FoundScan Engine 2.6
arrow
 Qualys QualysGuard Intranet Scanner
arrow
 Harris Corp. STAT Scanner Professional Edition 5
arrow
 eEye Digital Security Retina Network Security Scanner
arrow
 Vigilante.com SecureScan NX 2.6.50
arrow
 SAINT 4.3
arrow
 nCircle Network Security IP360 Vulnerability Management System 5.3
arrow
 Other Products Reviewed
arrow
 How We Tested
arrow
 Web Links
arrow
 Report Card

SAINT proved a formidable opponent but unfortunately, like every other scanner, it sails in some areas, sinks in others. SAINT's vulnerability coverage was above average, and its price is right, but we felt the product could be improved on the management and reporting fronts.

Although SAINT takes a bit more know-how than do the products from Foundstone, Qualys and nCircle, it runs over a standard Linux distribution and has the easiest install script we've seen over a Linux command shell. We highly recommend the Express plug-in (www.saintcorporation.com/products/saint_express.html); without it, performing updates is a tedious process. We hope SAINT will build Express into the standard product in the future.

The most annoying problem was with adding IP addresses. You'd think this should be a simple task, but not so: To enter address ranges from multiple subnets, you must pull from a text file. If any address fails, the entire scan fails, but not necessarily right away. On several occasions we had to wait for half an hour before SAINT bombed on one address that we'd entered incorrectly. SAINT would benefit from a more intuitive interface for programming multiple addresses and address blocks.

Although SAINT doesn't offer much in the way of exportable reports, it does provide some well-designed prebuilt reports and lets you create your own. SAINT's reports make extensive use of hyperlinks--letting us jump from an address to an explanation of that entire system and so on; unfortunately, we soon found ourselves lost in the jumps. We believe that a dynamic reporting interface would prove much more efficient than simple hyperlinks. SAINT is a good solution for small-to-midsize organizations, but it doesn't have the aggregation capabilities needed for larger enterprises.

SAINT 4.3, 10 hosts: $639; Class C: $2,495; 500 hosts: $5,195; auditing licenses: $395 to $9,495, SAINT Corp., (800) 596-2006, (301) 656-0521. www.saintcorporation.com

start top  Vigilante.com SecureScan NX 2.6.50 nCircle Network Security IP360 Vulnerability Management System 5.3 

Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers