Version 4.0 of Foundstone Inc.'s namesake vulnerability scanner and reporting tool offers refined role-based administration, new ways to handle remediation tickets and new ways to group scanned objects to create more efficient polling. IT managers at large organizations, especially those that must distribute vulnerability scanners but also need tight control over weaknesses revealed by the scans, should consider this product as an in-house alternative to managed service offerings from companies such as Qualys Inc.

Released last month, Foundstone 4.0 costs $35,000 when it comes as an appliance on a 1U (1.75-inch) rack-mountable server, called the FS1000, with licenses to monitor 500 IP addresses. A software-only version of Foundstone 4.0 costs $30,000 with the ability to monitor 500 IP addresses. eWEEK Labs tested the appliance version.

Foundstone 4.0 hones vulnerability assessment not only by looking at registry settings on Windows systems but also by using Windows Management Instrumentation and extensive integration with the Windows operating system to identify configuration weaknesses. It also scans Linux and Unix systems.

However, even Foundstone 4.0's extensive checks (which rival those of competitors, including eEye Digital Security Inc.'s Retina Network Security Scanner) were not enough to eliminate false-positive identifications during our tests.

In one case, Foundstone 4.0 identified a vulnerability based on information from the MBSA (Microsoft Baseline Security Analyzer). Unfortunately, Foundstone 4.0 failed to account for an erroneous dependency in MBSA and issued a report to us indicating that we should apply a year-old hot fix to a fully patched Windows 2000 Server.
This kind of false positive (which company officials quickly fixed after we notified them) demonstrates that vulnerability assessment still requires art to bolster the rapidly advancing science. And the science has advanced rapidly: Foundstone 4.0 correctly identified misconfigured systems throughout our test.

Although Foundstone 4.0 gains much-needed refinement in role-based administration, IT managers will have to invest substantial staff time to run the product. For example, even though the enhanced Web interface was supposed to make testing easier, we still had to do a lot of manual configuration work because we were using the dual-NIC configuration to monitor two networks. In fact, we were constantly forced back into the client interface on the Foundstone FS1000 appliance to manually select the appropriate interface for each scan. This was particularly irksome for scheduled scans. We eventually got the system to routinely scan the internal test network, but we always had to manually configure the scan of the public-facing network.

Using Foundstone 4.0's new "threat compliance view," we easily grouped our Apache Web servers, then scanned them for compliance with a configuration standard. As the scan ran day by day, we could see when changed servers weren't configured to our specifications.

Version 4.0 is much easier than previous versions to administer; administrative roles can be assigned with tightly controlled limits, which IT managers at large organizations will find useful.

Labs Technical Director Cameron Sturdevant is at email@example.com.