NeXpose 3.0, One 64 IP fixed license to allow scanning of 64 specific IP addresses lists at $8,750; two fixed Class C licenses list at $40,000; prices include one year of support, upgrades and vulnerability subscriptions. Rapid7, (866) 7RAPID7, (212) 558-8700. www.rapid7.com
Beyond Security Automated Scanning Server 1.4
Beyond Security's Scanning Server was the least mature of the products we tested. The Web-based interface is difficult to work with and lacking in features; it rarely performed as expected. Simple tasks, such as initiating a scan, failed almost as often as they worked, especially when attempting to scan our entire test base (four Class C networks). Report extraction is an interesting process because the only method by which to obtain reports is via an e-mail (albeit, there is a secure e-mail option).
Scanning Server nevertheless did a decent job of finding the more hazardous vulnerabilities plaguing our network (35 percent overall), so it might seem an OK pick for smaller organizations--until you consider the cost. This turnkey system has a price tag of around $12,000! Beyond Security needs to beef up its product, lower its price, or both.
Automated Scanning Server 1.4, as tested, server (hardware and software), including a license to scan 100 specific IPs an unlimited number of times: $12,000. Beyond Security, (800) 801-2821, (323) 882-8286. www.beyondsecurity.com
We modeled our vulnerability-assessment tests on real-world conditions. Our approach was straightforward: We deployed 27 devices of different types--Windows, Linux, BSD, NetWare, Solaris, firewalls, routers and switches--with varying levels of patches and ran each scanning solution against this environment to identify known vulnerabilities. We then compared the results, measured the time each scanner took to complete the scans, and noted the state of the target systems after the scanner completed its job.
Although the task of testing 11 VA scanners against a static environment and comparing the results may seem simple, we found the exercise far from easy. Each product offers a different set of features, has different configuration methods and covers various applications and OSs to varying degrees. But what really plagued us was the comparison method: How do you evaluate hundreds of vulnerabilities--sometimes close to a thousand pages of text--across 11 products?