By Andrew Garcia  |  Posted 2004-06-21

Citadel Security Software Inc.'s Hercules 3.0, which shipped last month, offers a streamlined administrative interface and compelling quarantine capabilities for vulnerable hosts. Hercules' integration with many third-party vulnerability assessment tools and broad operating system support make Version 3.0 well worth a look.

Citadel offers perpetual licenses and two-year subscriptions for Hercules. Perpetual licenses start at $99 for Microsoft Corp.'s Windows workstations, $499 for Windows servers and $995 for non-Windows hosts. Subscription prices for 1,000 units are $23 per device per year for Windows workstations, $80 for Windows servers and $135 for non-Windows hosts. This price scheme could give pause to companies with extensive Mac OS or Linux use on the desktop.

Host assessment

Hercules lets administrators import data from these common vulnerability assessment platforms:

  • eEye Digital Security's Retina Network Security Scanner
  • Foundstone Inc.'s FoundScan Engine
  • Harris STAT Scanner
  • Internet Security Systems Inc.'s Internet Scanner and System Scanner
  • Microsoft's Microsoft Baseline Security Analyzer
  • Nessus.org's Nessus Project
  • Qualys Inc.'s QualysGuard

Hercules capably addresses the never-ending stream of operating system and application patches and bug fixes and resolves unsecured accounts, unnecessary services, and potential back doors and Trojans. Hercules helps administrators cope with the voluminous data culled from industry-leading vulnerability assessment platforms (see chart), using their findings for proactive, automated scan-and-remediate sessions.

Hercules has provided wide vulnerability remediation and integration with third-party scanners for a few years. Evening things up a bit, BigFix Inc.'s BigFix Enterprise Suite now addresses many non-patch-related vulnerabilities, and PatchLink Corp. recently announced PatchLink Update's integration with Harris Corp.'s STAT (Security Threat Advanced Technology) Scanner.

However, Hercules continues to offer new features we haven't seen in competitive products. We especially liked the new ConnectGuard feature, which quarantines mobile machines as they reconnect to the corporate network, allowing the Hercules Remediation Agent to assess them before permitting access to the rest of the network. This greatly lessens the potential threat from laptops that have been compromised or altered while disconnected from the corporate network.

Version 3.0 offers some of the widest platform support we've seen, adding client agents and fixes for AIX 5.1 and 5.2, HP-UX 11.0, and Mac OS X 10.2 to its existing support for Windows (NT, 2000, 2003 and XP), Solaris and Red Hat Inc.'s Red Hat Linux.

In tests, we installed the Hercules Server, Channel Server, Download Server and Administrative Console on a Windows 2000 Server with Internet Information Services 5.0 and .Net Framework 1.1. Initial installation of Hercules was a drawn-out, multistep process that required us to install Microsoft's Internet Explorer Administration Kit and fully licensed copies of WinZip Computing Inc.'s WinZip and WinZip Self-Extractor to address IE-based vulnerabilities correctly.

Hercules 3.0's administrative interface is more action-oriented and intuitive, but the workflow is still complicated. It took considerable tinkering to properly assign and schedule remediation tasks. The process became clearer as we considered and altered device groupings.

We easily imported host vulnerability data from the STAT Scanner and Nessus.org's Nessus Security Scanner, which identified many of the vulnerabilities on our test network of Windows- and Red Hat Linux-based client machines.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration, providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
