Foundscan Roots Out Problems
The latest version of Foundstone Inc.s vulnerability assessment application provides fast, comprehensive scanning and generates reports that not only detail possible vulnerabilities but also provide a big picture of a businesss entire network layout. Using FoundScan 2.5, enterprise IT managers can identify problems and figure out some of their underlying causes. During tests of FoundScan 2.5, which shipped last month, eWeek Labs was impressed by the many options for configuring tests and the extensive information provided in FoundScan reports. We also liked the products portal feature, which made it possible to control distribution of reports and manage vulnerability handling.Like many other vulnerability assessment vendors, Foundstone also provides a managed service version for companies that dont want to run the software internally. The hosted version of FoundScan 2.5 costs about $43,000 for an annual contract in a small-to-midsize company. Foundstone sells the self-hosted version of FoundScan in a pre-built Windows 2000 configuration. Some companies may find it convenient to purchase FoundScan in this turnkey configuration, but we would prefer an option to install the application on our choice of hardware. This would also bring the price of the system down. FoundScan offers a multitude of configuration options, but its default settings will be ideal for most network test situations. Once we defined the IP address ranges for our organization and set the test parameters, the vulnerability scan began immediately. FoundScan was very fast during our evaluation, testing 10 IP addresses in less than 7 minutes and testing our entire Class C network in less than 30 minutes. The really nice thing about FoundScan is that its speed doesnt come at the expense of reporting depth. FoundScan performs detailed and deep scans, checking all ports and digging deep into Web applications. FoundScan reports list vulnerabilities as High, Medium and Low risks. We found it simple to drill down into each vulnerability to find the affected systems and to get detailed information on the vulnerability itself. The reports detail how a vulnerability affects systems and how to patch, fix or work around the problem. Also included, when applicable, is the CVE, or Common Vulnerabilities and Exposures, naming information on the vulnerability. This allowed us to get more information from the vulnerability database at cve.mitre.org. Its important to remember that FoundScan performance may be affected by the other applications running on the network. Our first two tests with FoundScan took well over 3 hours. After several checks, we realized that the sluggish performance was caused by the LaBrea anti-worm tool that was running on our network. When we turned off LaBrea, FoundScans performance improved significantly. We could choose to generate a report from any one test or even combine tests to get a report over time. Reports can be generated as HTML or as XML, which is useful for importing reports into other analysis systems. Most companies will likely choose to generate HTML reports, which can be easily shared over a secure intranet and are among the most accessible weve seen in this type of product. It was easy, for example, to drill down into the reports and to offer basic information for nontechnical staff or detailed analytical data for IT security. Most competing products, including the open-source Nessus Project scanner, generate dense reports that are often too overwhelming to be effective. One of the most useful features in the product is the FoundScan portal, which creates a secure, access-controlled system for delivering report information. The portal also includes a basic help-desk-like system that allows IT managers to assign tickets for vulnerabilities to specific personnel. Like all vulnerability scanning tools, FoundScan delivered a few false positives. However, none were among High risk findings. FoundScan makes it simple to either update the product on demand or look for updates on a regular schedule.
FoundScan 2.5s pricing is based on the number of IP addresses to be scanned within a company. For example, a small-to-midsize company with about 128 in-use IP addresses will pay $30,000.