A vulnerability rated as a low risk this morning could turn into your worst nightmare tonight. To meet the ever-increasing speed with which exploits are written and propagated, traditional network-based vulnerability scanners have morphed into more full-scale vulnerability management products.
In our latest Clear Choice Test of eight products - assessing their accuracy in pinpointing holes in the network and their usefulness in addressing those vulnerabilities - we found that vulnerability identification success rates are still low across the board and that the scans can wreak havoc on wireless access points. They can also damage some printers, and they consume network bandwidth and CPU cycles on target machines (see How we did it, www.nwfusion.com, DocFinder: 4538).
Vulnerability remediation and tracking are the major management features added to these products since our last test (DocFinder: 4525), providing mechanisms to assign vulnerabilities to administrators and alert them when new ones appear. These additions range from supplying remediation information for each vulnerability to full-blown ticketing systems that automatically verify whether an issue has been fixed.
Many products now include business analysis features. Assets can be assigned values, in cash terms or in terms of business criticality, and those values are correlated with the vulnerabilities found to show how each could affect the business, giving management a more accurate picture of the company's overall security posture. A critical vulnerability on the core, Internet-facing system that generates revenue, for example, should be treated differently than a critical vulnerability on a system inside a test network that is isolated from the rest of the company.
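The two ideas in the preceding paragraphs, asset-weighted prioritization and ticket closure that is verified by a rescan rather than by an administrator's say-so, are illustrated by the following added example. It is code written for this page, not taken from any product in the review; the severity weights, exposure multipliers, hostnames, check identifiers and scan results are all constructed assumptions.

```python
"""Asset-weighted vulnerability prioritization with rescan-verified ticket closure.

Added example, not code from any product in the review. The weight tables,
hostnames, check IDs and findings below are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed weight tables (not from the article): severity on a 1-10 scale and
# exposure as a multiplier for how reachable the host is to an attacker.
SEVERITY_WEIGHT = {"low": 1, "medium": 4, "high": 7, "critical": 10}
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5, "isolated": 0.1}


@dataclass(frozen=True)
class Asset:
    host: str
    business_value: int  # 1 (throwaway) .. 10 (revenue-critical), set by the business
    exposure: str        # key into EXPOSURE_WEIGHT


@dataclass(frozen=True)
class Finding:
    host: str
    check_id: str  # scanner's identifier for the check (hypothetical values here)
    severity: str  # key into SEVERITY_WEIGHT


def risk_score(finding: Finding, asset: Asset) -> float:
    """Scanner severity alone is not a priority: scale it by what the host is
    worth to the business and by whether an attacker can actually reach it."""
    return (SEVERITY_WEIGHT[finding.severity]
            * asset.business_value
            * EXPOSURE_WEIGHT[asset.exposure])


def prioritize(findings, assets):
    """Return (score, finding) pairs, highest risk first; ties broken by host and check."""
    scored = [(risk_score(f, assets[f.host]), f) for f in findings]
    return sorted(scored, key=lambda sf: (-sf[0], sf[1].host, sf[1].check_id))


def open_tickets(prioritized):
    """One ticket per (host, check), carrying the asset-weighted score for assignment."""
    return {(f.host, f.check_id): {"score": score, "status": "open"}
            for score, f in prioritized}


def verify_rescan(tickets, rescan_findings):
    """Close a ticket only when a fresh scan no longer reports the finding.
    A finding that reappears after closure is flagged as reopened, not ignored."""
    still_present = {(f.host, f.check_id) for f in rescan_findings}
    for key, ticket in tickets.items():
        if key in still_present:
            ticket["status"] = "open" if ticket["status"] == "open" else "reopened"
        else:
            ticket["status"] = "verified_fixed"
    return tickets


# Constructed inventory: a revenue-generating storefront, an internal database,
# and a host on an isolated test network with no route to production.
ASSETS = {a.host: a for a in [
    Asset("web01", business_value=10, exposure="internet"),
    Asset("db01", business_value=8, exposure="internal"),
    Asset("lab07", business_value=3, exposure="isolated"),
]}

# Constructed first scan: note the "critical" on lab07 and only a "high" on web01.
SCAN_1 = [
    Finding("web01", "CHK-1001", "high"),
    Finding("db01", "CHK-1002", "critical"),
    Finding("lab07", "CHK-1002", "critical"),
]

# Constructed rescan after remediation: web01 was patched, the others were not.
SCAN_2 = [
    Finding("db01", "CHK-1002", "critical"),
    Finding("lab07", "CHK-1002", "critical"),
]


def run_cycle(assets=ASSETS, first_scan=SCAN_1, rescan=SCAN_2):
    """Prioritize the first scan, open tickets, then reconcile them against the rescan."""
    return verify_rescan(open_tickets(prioritize(first_scan, assets)), rescan)


if __name__ == "__main__":
    for score, f in prioritize(SCAN_1, ASSETS):
        print(f"{score:6.1f}  {f.host:6} {f.check_id} ({f.severity})")
    for key, ticket in run_cycle().items():
        print(key, ticket["status"])
```

With these weights the "high" on the Internet-facing revenue host (7 x 10 x 1.0 = 70) outranks the "critical" on the internal database (40), and the "critical" on the isolated lab host drops to the bottom (3), which is the ordering the paragraph argues for. The web01 ticket is closed only because the rescan no longer reports CHK-1001; the lab07 ticket stays open because the finding is still there.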
The companies that provided products and/or services for this test are Lockdown Networks, nCircle Network Security, PredatorWatch, Qualys, StillSecure, Tenable Network Security, TraceSecurity and Visionael. eEye Digital Security, Internet Security Systems, Foundstone, NetIQ, BindView and Harris declined. We also tested Citadel's Hercules (see story, page 52) and Sunbelt Software (DocFinder: 4539), but because they offer no scanning module or management features, respectively, we could not directly compare them.
Qualys' QualysGuard is our Clear Choice winner based on its accuracy and strong management capabilities. nCircle's IP360 comes in second, only slightly trailing Qualys in vulnerability identification and general ease of use. Visionael's Enterprise Security Protector and Lockdown's Auditor also rose to the top based on their developing management capabilities.
QualysGuard 3.3
QualysGuard - one of the...