Vigilante SecureScan NX 2.4

Brief product description
SecureScan NX is a network vulnerability assessment tool that determines whether internal networks and firewalls are vulnerable to attacks, and recommends corrective action for identified vulnerabilities. 

Architecture - brief description
While most vulnerability assessment solutions are single-point devices designed to scan individual or multiple remote IP hosts, SecureScan NX provides a distributed console-agent architecture which allows multi-level, multi-segment scanning of all subnets behind the firewall. Furthermore, it provides a complete evaluation of the firewall filtering rules in place between the scanning agent and the console. This multi-level, multi-segment scanning enables assessments of networks of any size and is more efficient than other solutions in the marketplace.

Documentation
"Getting started" documentation (pdf) - FAQ (on the web)

What are the minimum/recommended console OS and hardware requirements?
SecureScan NX version 2.4 is currently supported on Windows NT 4.0 (SP4 at least is required) and Windows 2000.
To install SecureScan NX Console, you need:
an Ethernet or Token Ring network adapter
50 MB of free disk space
64 MB of RAM on Windows NT4, or 128 MB of RAM on Windows 2000.
Note that, because SecureScan NX Console uses a database, the disk space requirement will increase slightly as you use it.

To install SecureScan NX Remote Agent, you need:
an Ethernet or Token Ring network adapter
30 MB of free disk space
64 MB of RAM on Windows NT4, or 128 MB of RAM on Windows 2000.

On what platforms is this certified to run? Will it work on Windows 2000?
See above

At what layer of the protocol stack is the product working? Is a raw packet driver installed?
It depends on the need. SecureScan NX can work at the TCP, UDP, IP or even MAC level.
Yes, a proprietary packet driver is installed.

Can multiple scanning engines be deployed and configured from a central console, i.e. define a single scanning policy centrally and deploy this to all scanners automatically?
Yes

Authentication between console and engines - Is it available? What algorithm/key lengths?
No authentication. The protocol is only encrypted using SSL V3.0

Secure logon for policy management?
No

How are policies distributed to scanners?
The main console holds the policy and asks scanners to perform test cases according to this policy. The policy itself is not distributed to the scanners; only the instructions on what to do are distributed to them.

How are policy changes handled? Will the central console detect which scanning agents are using a changed policy and redeploy automatically, or does the administrator have to do this manually? Can it be done once from a central location or do all scanners have to be updated individually?
The policy is handled centrally by the main console and not by the scanners

How many attack signatures?
802 network attack signatures (as of October 5th, 2001)
129 attack signatures for firewall filtering rules (as of October 5th, 2001)
10-12 new test-cases added weekly.

Which platforms (i.e. NT, Windows 2000, Linux) and network resources (i.e. firewalls, routers, printers, Web/mail/FTP servers) are covered by the attack signatures? 
Hardware : Routers, Microsoft, Unix (HP, SCO, Sun, AIX, Irix, Linux)
Software : all protocols over IP (IP, ICMP, TCP, UDP, Mail, FTP, SSH, SNMP, ...)

Can it perform accurate OS detection?
Yes, it uses nmap OS detection technology

What types of port scans can be performed?
TCP scan, UDP scan, ICMP scan

Can the administrator define custom attack signatures?
No

Can it perform true DoS attacks or is it just "banner grabbing"?
True DoS attacks

How are new attack signatures obtained and deployed? 
Via the web. Upgrade packages are put on the SecureScan NX web server. On start-up, the customer is asked whether or not an upgrade is wanted.

Frequency of updates? Provide dates of all updates in the last year.
1 upgrade per week with 10-12 test-cases per upgrade package

Can one signature update file be downloaded to the local network and used to update all scanners from a central location, or is it necessary to initiate a live connection to the Internet download server for each scanner?
Yes, the upgrade package is controlled by the central Console and new test-cases are distributed to remote agents.

Can signature updates be scheduled and fully automated?
Yes, but the customer has to confirm.

Are scan results available in real time during scan?
Yes

Are scan results (even as a summary) available on-screen following a scan without having to run a separate report?
Yes

Advice on preventative/corrective action when vulnerabilities found?
Yes, the vulnerability HTML page shows how to fix the problem

Capability to auto-fix certain vulnerabilities? If so, is there an "interactive mode" and/or an undo facility?
No

Automatic alerting if severe vulnerabilities are found during a scan?
Not at present, but vulnerabilities can be grouped by risk level.

Integration with other scanning/IDS products?
Not at the present time

Management reporting - range of reports/custom reports/how easy is it to filter and extract detail? Different reports for technicians and management/end users?
Yes, three classes of report

Standard Reports

Summary Report : Provides vulnerability highlights including test results, statistics and indication of the security level of the assessed network.

Administrator Report : Provides a detailed report on the vulnerabilities found on each host sorted by remediation priorities.

Services Report: Provides a detailed report on vulnerabilities found sorted by service.

Host Report : Provides a detailed description per host tested including running services, open ports and number of vulnerabilities.

Risk Report : Provides a report on the vulnerabilities found sorted by Risk.

Technical Report  : Provides summary information on test cases played during the Job.

Differential Reports

Differential Summary Report : Provides a comparison and statistics between the current and the previous job and shows the evolution of the security level.

New Vulnerabilities Report : Provides a detailed report on new vulnerabilities found since the previous job.

Missing Vulnerabilities Report : Provides a detailed report on vulnerabilities that disappeared since the previous job.

Delta Hosts : Provides a detailed report on host status compared to the previous job.

Delta Services : Provides a detailed report on service status compared to the previous job.

Historical Reports

Vulnerabilities Trends Report : Provides statistics per volume and severity of vulnerabilities found for all the jobs performed historically within that session.

Remaining Vulnerabilities Report : Provides statistics per first reported data and severity of vulnerabilities found in the current job and existing in previous jobs within that session.

What are the limitations and restrictions on enterprise-wide alerting and reporting? Is it possible to combine reports from several scanners?
No

Report management � archiving? Can historical scans be consolidated/compared for trend analysis/comparisons
Yes 

Can scans/reports be scheduled for automatic production? Can the results be e-mailed to administrators or published straight to a Web site?
Yes, scans can be scheduled for automatic runs.
Yes, results can be e-mailed.
All the reports are HTML, allowing them to be placed on a web server if required

Does the product incorporate IDS evasion techniques to test IDS effectiveness? If so, describe in detail how these are implemented.
No

How is it licensed? How is the license enforced?
The license file is encrypted and attached to a MAC address. This license file contains several parameters (IP ranges allowed, limitation date, Crash & DOS test cases allowed, ...)

Any other unique selling points?
Available also as a Managed Service.

End user pricing
Annual prices for unlimited scanning:

Max IP addresses    Cost (USD)
10                  $490
100                 $2,450
250                 $4,500
500                 $6,500
1000                $8,750
2500                $12,500
5000                $22,500
10000               $37,500
50000               $150,000
Class C             $2,400
Class B             $27,000

Ongoing cost of maintenance/updates
The above prices are annual subscription prices, NOT one-off purchase payments - therefore there are no additional maintenance fees to be paid.

Copyright © 1991-2006 The NSS Group Ltd.
All rights reserved.