By Andrew Garcia  |  Posted 2005-08-22

Citadel Security Software Inc.'s Hercules 4.0 Enterprise Vulnerability Management Suite, along with the optional new Hercules Security Appliance, significantly eases implementation of a robust vulnerability management solution.

The Hercules 4.0 suite, which shipped in June, improves oversight and control over the network, separating auditing and remediation functions and providing several avenues of redress for proactive and reactive responses.

In the past, eWEEK Labs has found it quite a chore to get Hercules up and running, but, with Hercules Security Appliance, administrators can avoid installation and hardware acquisition complications.

Hercules Security Appliance is available in three models that have different client licenses. All three models have a 1U (1.75-inch) server with a 3GHz Intel Corp. Pentium 4 processor, 2GB of RAM, a pair of mirrored 120GB SATA (Serial ATA) hard drives and two Gigabit Ethernet network adapters.

The appliance comes preinstalled with Microsoft Corp.'s Windows Server 2003 and SQL Server 2000, as well as Citadel's Hercules 4.0 Suite, which includes Hercules Compliance Manager, Remediation Manager, AssetGuard and ConnectGuard components.

Licensing options range from perpetual licenses to a new pay-as-you-go fee model. Using two HS 1500-10 Hercules Server Appliances to manage 1,000 workstations and 1,000 servers, a perpetual license costs $62,220 to manage the workstations and $120,000 to manage the servers, with a 20 percent annual maintenance fee. A two-year subscription costs $43,560 and $83,580, respectively, per year. (The maintenance fee is included.) The Security-On-Demand pay-as-you-go model costs 75 cents for individual remediation actions and 10 cents for every compliance audit action. However, there is also a $1,000-per-month service fee for standard support and maintenance.

Hercules 4.0's new Quick Start administration panel significantly eases administration. The Quick Start screens walked us through client discovery, inventory, remediation and reporting, allowing us to get up and running quickly.

With Hercules 4.0, auditing and remediation actions are carried out separately by Hercules Compliance Manager and Hercules Remediation Manager. We easily scheduled periodic checks for policy conformance and separately scheduled remediation jobs for any vulnerabilities found.

Hercules 4.0 supports several third-party vulnerability scanners. We used Tenable Network Security Inc.'s NeWT (Nessus Windows Technology) scanner, a Windows-based port of the popular Nessus scanner, to identify and scan some of our network devices, and we imported the data into Hercules with no trouble.

Remediation Manager includes more than 24,000 distinct remediation actions—offering patches, fixing misconfigurations, and removing unwanted services or unsecured accounts for most operating systems, including Windows, Sun Microsystems Inc.'s Solaris, Hewlett-Packard Co.'s HP-UX, Apple Computer Inc.'s Mac OS, and Red Hat Inc.'s Red Hat Enterprise Linux and older versions of Red Hat Linux.

Interestingly, Hercules now includes checks and cleaning instructions for several common spyware strains. Detection of these threats worked flawlessly in tests, but we had trouble completing cleaning actions. According to Citadel officials, some spyware remediation requires administrators to deploy the Internet Explorer Administration Kit for the latest version of IE—even if the vulnerable host's browser is already up-to-date.

To keep vulnerable systems from affecting the rest of the network, Hercules 4.0 includes ConnectGuard, a host-based quarantine feature. When a device joins the network, ConnectGuard blocks the client's ability to transmit to all network devices, except the Hercules server. Once a host adheres to the prescribed policy, ConnectGuard allows it to fully join the network.

Hercules 4.0 provides a number of in-depth reports, and we particularly liked the interactive nature of the reporting display. Executive-level reports clearly displayed our security posture across the network, and, from the report, we could easily drill down for more specific details.

However, included reports are particular to each server. Companies wishing to create reports across multiple Hercules servers should look into the new Enterprise Reporting module, which is sold separately for a whopping base price of $50,000, plus a $2,500 connection fee for each Hercules server.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
