assessment

Review: NetClarity Branch Auditor 5.0

Review: NetClarity Branch Auditor 5.0

Last year we reviewed NetClarity’s Enterprise Auditor product and we liked it a lot. This year we looked at its little sibling, the Branch Auditor. We were amazed at the power of this little handful of an appliance.
May 15 2007 12:00AM
Review: Rapid7 NeXpose

Review: Rapid7 NeXpose

Rapid7 NeXpose is, generally, an impressive appliance. Although it is a hybrid (vulnerability scanner and penetration test tool), the pen tool is used specifically to validate vulnerabilities and is not intended to be used alone. This is typical of the way an attacker would attempt to penetrate a target.
Apr 10 2007 12:00AM
Review: eEye REM Security Manager

Review: eEye REM Security Manager

We found the combination of the REM Security Manager and the Retina Scanner to be easy to use and deploy. In fact, ease of use is this product’s hallmark. The user interface is similar to MS Windows Explorer and is among the most intuitive we’ve seen.
Apr 10 2007 12:00AM
Review: Tenable Nessus 3

Review: Tenable Nessus 3

Nessus is one of the granddaddies of vulnerability scanners. Today, Nessus is not only a powerful open source product in its own right, it is the basis for some of the most powerful commercial vulnerability scanners available.
Feb 5 2007 12:00AM
Review: ISS Proventia Network

Review: ISS Proventia Network

The ISS Proventia Network Enterprise Scanner is part of a larger security management system and, as such, shows its best performance as part of that suite. We tested the product outside of the Proventia suite and we do not recommend this approach. The network scanner requires, at minimum, MS SQLServer and ISS Site Protector to support it. If all you need is a vulnerability scanner, this is not your best bet.
Feb 5 2007 12:00AM
Review: Saint Scanner + Exploit

Review: Saint Scanner + Exploit

We have been watching Saint a long time. Saint, as many old-timers may recall, began life as an open source version of Satan, one of the first serious open source vulnerability scanners. Eventually the tool was commercialised and it has maintained many of its open source roots.
Feb 5 2007 12:00AM
Review: Passive Vulnerability Scanner

Review: Passive Vulnerability Scanner

The Tenable Passive Vulnerability Scanner (PVS) is a most interesting product. It is truly passive in that it does not perform active scans of any kind. It is, simply, a very smart sniffer. The product depends for its usefulness on the way that it collects and reports vulnerability data. Since the PVS is always listening, it constantly collects information from the normal data flows on the network. This is superior to active scanners in two important ways.
Jan 29 2007 12:00AM
Chance assessment

Chance assessment

It’s time to get real when measuring risk against acceptable loss. Business needs a more intelligent approach, says Gary Flood
May 2 2006 3:10PM
Best Vulnerability Assessment

Best Vulnerability Assessment

Overall Category Winner and Winner for Best Patch Management: Shavlik HFNetChkPro 5.1, Shavlik Technologies, LLC
Mar 13 2006 7:09PM
Review: Auditor Enterprise

Review: Auditor Enterprise

NetClarity’s Auditor is a fine example of a fully featured appliance that offers not just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs. Beginning from the superb documentation and ending with the high value for the money, this product shines.
Feb 1 2006 12:00AM
Review: AZScan

Review: AZScan

AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
Feb 1 2006 12:00AM
Review: BindView Control Compliance Suite

Review: BindView Control Compliance Suite

The BindView Compliance Control Suite includes bv-Control for Windows, bv-Control for Internet Security and Compliance Center. This is a very complex suite of products and is part of a complete compliance and assessment toolkit that offers virtually every view necessary of the security compliance status of an enterprise. This very strength makes configuration and use of the product difficult at first.
Feb 1 2006 12:00AM
Review: Core Impact

Review: Core Impact

Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
Feb 1 2006 12:00AM
Review: GFI LANGuard Network Security Scanner

Review: GFI LANGuard Network Security Scanner

This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Feb 1 2006 12:00AM
Review: Nessus/NeWT

Review: Nessus/NeWT

Nessus has been a mainstay of vulnerability scanning since the Nessus Project was started by Renaud Deraison in 1998. The Nessus website claims that over 75,000 organizations worldwide use the program.
Feb 1 2006 12:00AM
Review: NeXpose

Review: NeXpose

As an appliance, NeXpose fits into our category of fully featured products, but it is also available as software only. Uniquely, Rapid 7 also offers a managed service for organizations with limited resources.
Feb 1 2006 12:00AM
Review: SAINT Scanner

Review: SAINT Scanner

Saint is a venerable product with its roots in the earliest days of automated vulnerability assessment. It has been dressed up in a new suit of clothes since becoming a commercial product, but retains its strong Unix roots.
Feb 1 2006 12:00AM
Vulnerability assessment (2006)

Vulnerability assessment (2006)

Vulnerability assessment and penetration testing should be critical parts of all organizations’ security operations. Peter Stephenson puts some top assessment products through their paces
Feb 1 2006 12:00AM
Automated Vulnerability Assessment: How to Underpin Your Security Investment

Automated Vulnerability Assessment: How to Underpin Your Security Investment

Many organizations are now relying upon the vital support that vulnerability assessment can offer as the fourth pillar of security.
Jan 12 2004 2:10PM
Has There Ever Been a Better Time to Talk Up Vulnerability Assessment?

Has There Ever Been a Better Time to Talk Up Vulnerability Assessment?

We often hear of prevention being better than cure.
Jan 12 2004 12:45PM

Log In

Username / Email:
Password:
  |  Forgot your password?