By Cameron Sturdevant  |  Posted 2004-09-06

Version 4.0 of Foundstone Inc.'s namesake vulnerability scanner and reporting tool offers refined role-based administration, new ways to handle remediation tickets and new ways to group scanned objects so that polling is more efficient.

IT managers at large organizations—especially those that must distribute vulnerability scanners but also need tight control over weaknesses revealed by the scans—should consider this product as an in-house alternative to managed service offerings from companies such as Qualys Inc.

Released last month, Foundstone 4.0 costs $35,000 when it comes as an appliance on a 1U (1.75-inch) rack-mountable server, called the FS1000, with licenses to monitor 500 IP addresses. A software-only version of Foundstone 4.0 costs $30,000 with the ability to monitor 500 IP addresses. eWEEK Labs tested the appliance version.

Foundstone 4.0 hones vulnerability assessment not only by looking at registry settings on Windows systems but also by using Windows Management Instrumentation and extensive integration with the Windows operating system to identify configuration weaknesses. It also scans Linux and Unix systems.

However, even Foundstone 4.0's extensive checks, which rival those of competitors such as eEye Digital Security Inc.'s Retina Network Security Scanner, were not enough to eliminate false-positive identifications during our tests.

In one case, Foundstone 4.0 identified a vulnerability using information from the Microsoft Baseline Security Analyzer (MBSA). Unfortunately, Foundstone 4.0 failed to account for an erroneous dependency in MBSA's data and issued a report telling us to apply a year-old hot fix to a fully patched Windows 2000 Server.

This kind of false positive—which company officials quickly fixed after we notified them—demonstrates that vulnerability assessment still requires art to bolster the rapidly advancing science. And the science has advanced rapidly: Foundstone 4.0 correctly identified misconfigured systems throughout our test.
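The MBSA-derived false positive above is a supersedence problem: the required hot fix had been replaced by a later update, so a literal "is KBxxx installed?" test fails on a fully patched host. The following is an added example (not Foundstone or MBSA code) of the check a practitioner would want, applied to constructed hotfix identifiers, a constructed supersedence catalogue and a constructed snippet of `wmic qfe` (Win32_QuickFixEngineering) output; none of the IDs correspond to real Microsoft updates.

```python
"""Supersedence-aware hotfix check (added example; not Foundstone or MBSA code).

A required fix is treated as present when it, or any update that transitively
supersedes it, is installed. The catalogue, hotfix IDs and WMI output below are
constructed for illustration only.
"""

# Constructed supersedence catalogue: KB100 was replaced by KB200, which in
# turn was replaced by KB300. KB400 and KB500 stand alone.
CATALOG = {
    "KB100": {"KB200"},
    "KB200": {"KB300"},
    "KB300": set(),
    "KB400": set(),
    "KB500": set(),
}

# Constructed text resembling "wmic qfe get HotFixID" on a host that has
# KB300 and KB400 applied (i.e. fully patched with respect to KB100's lineage).
WMIC_QFE_OUTPUT = """HotFixID
KB300
KB400
"""


def parse_qfe(text):
    """Return the set of hotfix IDs listed in wmic qfe output, skipping the header row."""
    ids = set()
    for line in text.splitlines()[1:]:
        line = line.strip()
        if line.upper().startswith("KB"):
            ids.add(line.upper())
    return ids


def successors(kb, catalog):
    """All updates that transitively supersede kb (cycle-safe walk of the catalogue)."""
    seen = set()
    stack = list(catalog.get(kb, ()))
    while stack:
        nxt = stack.pop()
        if nxt in seen:
            continue
        seen.add(nxt)
        stack.extend(catalog.get(nxt, ()))
    return seen


def naive_missing(required, installed):
    """What a dependency-blind check reports: every required ID not literally installed."""
    return [kb for kb in required if kb not in installed]


def supersedence_aware_missing(required, installed, catalog):
    """Report a fix only when neither it nor any update that supersedes it is installed."""
    return [
        kb for kb in required
        if kb not in installed and not (successors(kb, catalog) & installed)
    ]


if __name__ == "__main__":
    installed = parse_qfe(WMIC_QFE_OUTPUT)
    required = ["KB100", "KB400", "KB500"]
    # The naive check flags KB100 on a host that already has its replacement, KB300.
    print("naive:", naive_missing(required, installed))
    print("supersedence-aware:", supersedence_aware_missing(required, installed, CATALOG))
```

The catalogue is the weak point: if its supersedence data is wrong, as the MBSA dependency was here, both checks mislead, so a scanner's patch findings are only as good as the feed behind them.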

Although Foundstone 4.0 gains much-needed refinement in role-based administration, IT managers will have to invest substantial staff time to run the product.

For example, even though the enhanced Web interface was supposed to make testing easier, we still had to do a lot of manual configuration work because we were using the dual-NIC configuration to monitor two networks.

In fact, we were constantly forced back into the client interface on the Foundstone FS1000 appliance to manually select the appropriate interface for each scan. This was particularly irksome for scheduled scans. We eventually got the system to routinely scan the internal test network, but we always had to manually configure the scan of the public-facing network.

Using Foundstone 4.0's new "threat compliance view," we easily grouped our Apache Web servers, then scanned them for compliance with a configuration standard. As the scan ran day by day, we could see when changed servers weren't configured to our specifications. Version 4.0 is much easier than previous versions to administer; administrative roles can be assigned with tightly controlled limits, which IT managers at large organizations will find useful.
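The group-and-compare workflow described above reduces to a small piece of logic: parse each server's main configuration, compare a handful of directives against the standard, and diff the results between scans so that a reconfigured server surfaces. The following is an added example (not Foundstone code) of that check for Apache; the standard, host names and httpd.conf texts are constructed for illustration.

```python
"""Configuration-standard check for a group of Apache servers (added example;
not Foundstone code). Reports directives that deviate from a standard and
which hosts drifted between two scans. All data below is constructed.
"""

# Constructed standard: directive -> required value. Apache directive names are
# case-insensitive; values are compared case-insensitively here as well.
STANDARD = {
    "ServerTokens": "Prod",
    "ServerSignature": "Off",
    "TraceEnable": "Off",
}


def parse_top_level(config_text):
    """Return {directive_lower: value} for the main server context only.

    Lines inside <VirtualHost>, <Directory> and similar sections are skipped,
    and the last occurrence of a directive wins, as Apache applies them in order.
    Include directives and .htaccess files are not followed (assumption).
    """
    directives = {}
    depth = 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth = max(depth - 1, 0)
            continue
        if line.startswith("<"):
            depth += 1
            continue
        if depth > 0:
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        directives[name] = value
    return directives


def check_host(config_text, standard=STANDARD):
    """Return sorted (directive, expected, actual) findings; empty means compliant."""
    found = parse_top_level(config_text)
    findings = []
    for directive, expected in standard.items():
        actual = found.get(directive.lower())
        if actual is None:
            findings.append((directive, expected, "<not set>"))
        elif actual.lower() != expected.lower():
            findings.append((directive, expected, actual))
    return sorted(findings)


def check_group(configs, standard=STANDARD):
    """Run check_host over a {hostname: config_text} group."""
    return {host: check_host(text, standard) for host, text in configs.items()}


def drift(previous, current):
    """Hosts whose findings changed between two scan results."""
    return sorted(h for h in current if current[h] != previous.get(h))


# Constructed configurations for a two-server group on day 1 (both compliant).
CONFIGS_DAY1 = {
    "web1.example.test": """
ServerTokens Prod
ServerSignature Off
TraceEnable Off
<VirtualHost *:80>
    ServerName web1.example.test
</VirtualHost>
""",
    "web2.example.test": """
ServerTokens Prod
ServerSignature Off
TraceEnable Off
""",
}

# Day 2: web2 was reconfigured; ServerTokens changed and TraceEnable was dropped.
CONFIGS_DAY2 = dict(CONFIGS_DAY1)
CONFIGS_DAY2["web2.example.test"] = """
# changed during troubleshooting
ServerTokens OS
ServerSignature Off
<Directory "/var/www">
    Options Indexes
</Directory>
"""

if __name__ == "__main__":
    day1 = check_group(CONFIGS_DAY1)
    day2 = check_group(CONFIGS_DAY2)
    for host in drift(day1, day2):
        print(host, day2[host])
```

A missing directive is reported as a finding rather than silently accepted, because Apache's defaults (TraceEnable On, ServerTokens Full) are usually the non-compliant values; if a site's standard relies on a default, add that directive to the standard explicitly.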

Labs Technical Director Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.
