ISS Internet Scanner

 
 
By Cameron Sturdevant  |  Posted 2003-07-14 Print this article Print
 
 
 
 
 
 
 


ISS Internet Scanner

ISS Internet Scanner 7.0, released in April, is a solid vulnerability assessment tool, but it worked more slowly than any of the other tools in our tests. The product does integrate with a wide range of security management tools, which is an important consideration.

EXECUTIVE SUMMARY
Internet Scanner 7.0
Internet Security Systems Internet Scanner 7.0 works with a number of other scanners from ISS, as well as a central management and configuration console called SiteProtector 2.0, making it a tempting overall package. However, it was painfully slow during eWEEK Labs tests. Internet Scanner 7.0 starts at $1,223 for 10 IP addresses and includes SiteProtector 2.0 and first-year maintenance. As with STAT Scanner, it will take IT staffers up to a week or more to become competent operators of the product.
KEY PERFORMANCE INDICATORS
USABILITY GOOD
CAPABILITY EXCELLENT
PERFORMANCE FAIR
INTEROPERABILITY GOOD
MANAGEABILITY GOOD
SCALABILITY GOOD
SECURITY GOOD
  • PRO: Integrated with ISS security platform; straightforward interface; good platform and vulnerability detection.

  • CON: Significantly slower than other tools.

  • EVALUATION SHORT LIST
    Foundstones Foundstone Enterprise Symantecs Symantec Vulnerability Assessment
    But when we say ISS Internet Scanner ran slowly, we really mean slow: One scan of 16 nodes in our testbed took more than 20 minutes. In contrast, QualysGuard Enterprise did the same scan, looking for almost three times as many vulnerabilities, in just a few minutes. Both systems were running on a network with a low utilization rate.

    In fact, when we used the Ixia 1600 Traffic Generator to lay down a base-line load of 25 percent bandwidth utilization on our network, all the products suffered heavy performance drops, but none as bad as ISS Internet Scanner. These controlled, repeatable tests revealed performance gaps that will be less obvious in a production network, but will be a consideration, nonetheless.

    ISS Internet Scanner ably identified most of the machines in our tests, with the exception of misidentifying Windows Server 2003 systems as Windows XP systems. The scan reports did not generate any significant false positives.

    Based on our review of several reports generated by ISS Internet Scanner 7.0 and the explanatory information provided by the product, we think most IT organizations will get immediate assistance by using the product. Internet Scanner 7.0 is also backed up by ISS X-Force, a comic-book-sounding name for a group of security experts who research vulnerabilities and assess threats and potential remedial actions.

    We looked at the scalability of all the products and were impressed with ISS SiteProtector 2.0 as a way to manage Internet Scanner along with other security tools from ISS, including the RealSecure Network, RealSecure Server and Proventia appliances. Although the combination of these intrusion detection and attack-stopping tools was impressive, we hope that ISS will integrate into one system its Server, Database and Wireless scanners—tools that complement Internet Scanner and will allow IT organizations to more effectively scan enterprise systems.

    Internet Scanner 7.0 and QualysGuard Enterprise will identify as many potential targets in the network as possible, even if the product license does not support the number of targets found. This is an emerging trend that will be a real benefit to IT departments, especially those involved in a merger with another company or undergoing internal consolidation.

    Internet Scanner 7.0 starts at $1,223 for 10 IP addresses.



     
     
     
     
    Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel