VA Test Results

Axent Enterprise Security Manager

We did not include Axent ESM in the performance test runs, since it is purely a host-based scanner, more concerned with enterprise-wide policy auditing and enforcement. It performed well in our overall evaluations, however, proving itself to be powerful, flexible and easy to use, with excellent reporting capabilities. It also supports a wide range of host platforms, and would make an ideal companion to any of the more conventional VA products tested here.

NetRecon was the product that gave us most cause for concern. Concern, that is, in that it made our test systems appear almost trivial to break into, reporting, as it did, over 1700 vulnerabilities on the first run!

Time taken to scan 3 machines: 11 minutes 41 seconds

The problem with being so thorough, of course, is that the resulting report is simply too large to handle and so is almost as bad as having no report at all. To be fair to Axent, it was our methodology that was largely at fault here, since we insisted on running the heaviest scan available on all products. Axent recommends you start with the Light scan, fixing the problems found there before moving on to the Medium scan. Having fixed the problems discovered there, only then should you attempt to run the Heavy scan, by which time the resulting report should be much smaller.

When we re-ran the tests using the Medium scan instead, we came up with the following results:

This proved to be a much more manageable report, and NetRecon found all the obvious security flaws we had left in place following our default installations. The reports were clear and easy to read (if somewhat extensive on occasion) and the simple operation makes it straightforward to use by those administrators who are not security specialists.

With HackerShield we created a new Security Check group that included every check in every category except for the unsafe Denial of Service checks. On running this we were presented with a fairly short report, compared to the other products on test, with the following results:

Time taken to scan 3 machines: 12 minutes 14 seconds

These results are a little worrying, and indicate that BindView still has some way to go to increase the HackerShield vulnerability database to a similar standard to the competition. The reports were accurate in the information they returned, however, and were very clear and easy to read. HackerShield also provides an auto-fix capability for some vulnerabilities, and that feature, combined with the simple reports and user interface, may appeal to the less security-literate administrator (although it would have to be compared carefully against NetRecon if such a consideration were paramount).

With CyberCop Scanner we created a new Template containing all the default vulnerability checks: this is a safe setting within CyberCop that selects every check except those which are likely to crash the machine being scanned. The following results were obtained:

Time taken to scan 3 machines: 2 minutes 55 seconds

This report was clear, easy to read, and contained all the vulnerabilities we expected to find. In addition, CyberCop Scanner allows a high degree of tweaking of the scan configuration as well as a scripting language that can be used to create custom attacks, thus making it much more attractive to the security professional (though it is no more difficult to use than any of the other products tested). The most outstanding feature of this set of results is the time in which they were achieved: less than three minutes to scan all three machines.

Networks Vigilance NV e-secure

For the NV e-secure test we selected the default policy named Safe Scan. This includes all Test Cases (vulnerability checks) except those that will cause Denial of Service on the machine being scanned. The following results were obtained:

Time taken to scan 3 machines: 22 minutes 22 seconds

There is probably still some work to be done to increase the size of the e-secure vulnerability database (and to improve the performance), but it is hard to perform a direct comparison with other products because e-secure reported in some detail on a number of Test Cases that were run and returned an undetermined status rather than an absolute fail, and these were not included in the above figures. Some VA products might report these as vulnerabilities to err on the side of caution. However, we determined that the number of vulnerabilities discovered was acceptable, and all those which we expected to be found were included in the e-secure reports.

The reports are clear and easy to read, and e-secure also provides the most complete on-screen monitoring and analysis capability of the products tested here. In addition, it is the only product we tested that is capable of using remote scanning engines to perform scans behind firewalls in a distributed environment, as well as determine the exact firewall filter rules in effect between the scanner console and remote firewall probe. That, together with the high degree of flexibility in configuring test parameters, should make e-secure of great interest to most security professionals. The fact that the more esoteric scanning parameters are well hidden behind a Wizard-type interface will also make e-secure attractive to the less security-literate administrator.