Review: McAfee Hercules Policy Auditor

By on
Review: McAfee Hercules Policy Auditor

The Hercules Policy Auditor and Remediation Manager were formerly known as Citadel Hercules. These products have one very unique feature in that they can process the output from popular vulnerability scanners.

Pretty much any scanner that uses the CVE (common vulnerability exploit) numbering scheme and use the product to remediate the vulnerability. The Hercules product supports a large number of operating systems including several variants of Unix, Linux, Microsoft and Mac systems.

Installation of Hercules Policy Auditor and Remediation Manager is quite tricky. The Policy Auditor appears only to install on Windows 2003 Servers with no Active Directory components installed, but the product, Internet Information Server, and Microsoft SQL Server. Once the underlying OS is configured, the installation can begin.

The Policy Auditor has four main components: the download server, the main Hercules server, the channel server and the reporting server. Each component requires some attention to detail, and you need to refer to the documentation frequently.

There are many PDFs available for this product, all of them indexed and searchable. We found the installation and quick-start guides to be the most valuable in this test.

McAfee offers many different levels of paid support for the Hercules product. Options vary from 8-to-5 to 24/7 phone support. The website offers primarily PDFs and white papers for download. Typically, we like to see some level of free support as well as forums, FAQs and other self-service support capabilities.

The McAfee Hercules product is at the upper end of cost when compared with other tools tested in this group, but it is also quite feature-rich and includes support for many different operating systems.

It is quite clear that Hercules is aimed at very large organisations. Cost of ownership, of course, must be considered in context with additional cost of support. This is not an inexpensive product, but, considering its target implementation, the value for the money is good.

For: Support for many OS, can take input from vulnerability scanners
Against: The product is difficult to install and very complex to manage
Verdict: For the largest enterprises this product might be a fit, but it would require a significant time investment to configure and administrate it adequately.

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?