Review: Cenzic Hailstorm Enterprise ARC 5.5

By on
Review: Cenzic Hailstorm Enterprise ARC 5.5

Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.5 is a centrally managed web-application assessment product. It consists of a web-based dashboard and a separate, stand-alone desktop application component for customising projects, scan settings and policies.

The product installed easily on our test server. It is compatible with Windows 2000/XP/2003 and requires at least IIS 5.0 for its web server. It also installs a copy of MySQL for its backend database. Although Cenzic recommends that main components be installed separately, they can all be installed on the same machine, albeit with some small challenges.

From an activation perspective, we would have preferred a simpler method, since receiving a valid licence from Cenzic requires first sending them a machine ID and waiting for the licence to be emailed.

The web interface is well designed and easy to navigate. Overall, the product's enterprise-class features are apparent and administrators can control user access through roles and customised central management. The product performed adequately in our scanning tests and discovered all the vulnerabilities we expected it to.

From an administration perspective, the solution really shines. Policy and configuration edits are typically done by power users, while scanning tasks can be performed by developers or quality-assurance staff through role-based access control out of the box. Reports and dashboard views are slick and intuitive.

Administrators will welcome the ability to mirror their production applications using a VMWare sandbox, which eliminates any impact to production. An option to integrate reports from competitors is an interesting feature that some organisations may find useful.

The web-based documentation is thorough and well-organised, with well-placed and evenly distributed screenshots.

Support for the Hailstorm is adequate. Cenzic offers office-hour support included with the base subscription, or a 24/7 option for ten per cent of the subscription price. The company's website features a support phone number, a request form and a handful of technical white papers.

Pricing for Hailstorm Enterprise ARC is based on an annual subscription and starts at $26,000. Pricing includes the product, plus a support option.

For: Integration with VMWare is a unique and useful feature, great configuration and control over scanning environment
Against: Nothing we found
Verdict: A true enterprise-class product with some impressive options and customisations. Best Buy

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?