Review: Critical Watch FusionVM

By Peter Stephenson

May 2 2013 12:14PM

FusionVM from Critical Watch offers both vulnerability management and configuration policy auditing in either a physical or virtual appliance or as a full, cloud-based SaaS option. If the SaaS option is chosen, customers can receive external scanning without any additional hardware or software needed. If scanning internally, the customer must install an appliance that connects to the cloud service for scanning.

This product offers many vulnerability and risk assessment options, including web applications, databases, third-party applications, and workstations and many others. It also includes a full compliance module that scans and reports on many compliance standards, such as Sarbanes-Oxley, GLBA, HIPPA, ISO 1779 and PCI DSS.

For our evaluation, we ran the product in the SaaS model with a physical scanner installed in our lab. The setup of the appliance was quite simple and only took a few minutes. We first plugged in the appliance and connected a monitor and keyboard. After the appliance was booted, we were able to login and configure the network and IP settings. Once those were completed, the scanning appliance was up and running with a connection directly to the Critical Watch cloud VPN. To launch a scan, we simply had to log into the Critical Watch web portal and set up a scanning job. We found the web portal to be quite easy and intuitive to navigate with a nicely organised layout. Scanning jobs can be set up to run on-demand or be scheduled to run at specific times.

Overall, we found Critical Watch FusionVM to be quite flexible and to have many features. Built in to the web portal is a remediation manager section, which allows for administrators to assign and track remediation tasks after a scan has completed. Also available are several charts, graphs and reports for viewing scan results based on hosts scanned, risk data and open services.

Documentation included a full PDF user guide that covered how to deploy and use the product. This was well organised and included many screenshots and detailed explanations of features and functions. Also included were many examples that helped illustrate more complex scanning and reporting procedures.

Critical Watch offers full 24/7 phone- and email-based technical support to customers as part of the SaaS subscription fee. Customers also have access to an online FAQ section, but that is about it for online-based support. At the current time, Critical Watch does not provide a web-based knowledgebase.

At a price starting at c£280 per month for 100 IPs for the SaaS service, or around c£26,887 for 1,000 IPs for the on-premise scanner, we find this product to be good value for money. We found the hybrid SaaS/appliance architecture to offer flexibility for deployment while providing a good amount of features and functionality.

Got a news tip for our journalists? Share it with us anonymously here.

Tags:

risk management security

Partner Content

AI Copilot: Breaking Down Silos & Securing the Future

Microsoft Copilot Partner Hub

Partner Content Australian organisations must act on security – or risk AI ambitions falling flat

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

"It's an exciting time to be part of the health and aged care sector"

Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security

Orro claims Australia first with managed digital asset discovery service

Woolworths' CSO is Optus-bound

Build once. Build right. The enduring power of Azure Landing Zones.

Lion builds an app to detect its beers on tap in venues

Tech giants' indirect emissions rose 150 percent in three years

icare signs $29m cloud renewal with AWS