Network Computing is part of the Informa Tech Division of Informa PLC


VA Scanners Pinpoint Your Weak Spots: Page 6 of 16

Our wish list items: Being able to export raw data to additional formats (currently raw data can be exported in XML, HTML and MHT only), integration with a ticketing system and greater integration with enterprise asset-classification efforts.

QualysGuard Intranet Scanner $2,995; price of annual subscription service depends on number of hosts scanned. Qualys, (800) 745-4355, (650) 801-6100. www.qualys.com


Harris is on to something with STAT Scanner--it not only scans for a very wide array of vulnerabilities but also incorporates policy/registry checking and remediation. This product lets an administrator set registry, log and user policies that can be manually or automatically updated upon detection.

One area that sets STAT Scanner apart from its peers is its noninvasive nature. This product doesn't offer a "safe scan," because it doesn't need one. However, this design is both an asset and a liability. Because there are no unsafe scans available, the risk of target meltdown is almost completely mitigated (we still recommend caution because we did encounter a few application issues). On the other hand, this product requires authentication for each and every target, and failure to provide such authentication will result in a tremendous number of false positives and false negatives.

We attempted scanning without any authentication parameters on several hosts; the system simply indicated that the open port might be a Trojan. This could be a serious problem for large organizations, particularly those with varied administrative realms. This limitation hinders the ability to scan a large number of dissimilar networks without a great deal of intervention and departmental cooperation. Although administrators can create authentication groups and assign those groups usernames and passwords, we still see this as crippling.

Finally, STAT was incapable of assessing our NetWare servers. Although STAT will attempt to assess other system types, it is best suited for Microsoft and Unix environments.