Foundstone Finds Vulnerabilities | eWeek

Foundstone Finds Vulnerabilities

Sep 6, 2004
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Version 4.0 of Foundstone Inc.s namesake vulnerability scanner and reporting tool offers refined role-based administration, new ways to handle remediation tickets and new ways to group scanned objects to create more efficient polling.

Click here to read the full review of Foundstone 4.0.

2

Version 4.0 of Foundstone Inc.s namesake vulnerability scanner and reporting tool offers refined role-based administration, new ways to handle remediation tickets and new ways to group scanned objects to create more efficient polling.

IT managers at large organizations—especially those that must distribute vulnerability scanners but also need tight control over weaknesses revealed by the scans—should consider this product as an in-house alternative to managed service offerings from companies such as Qualys Inc.

/zimages/2/28571.gifClick hereto read eWEEK Labs review of the QualysGuard Enterprise Intranet Scanner service and two other vulnerability assessment tools.

Released last month, Foundstone 4.0 costs $35,000 when it comes as an appliance on a 1U (1.75-inch) rack-mountable server, called the FS1000, with licenses to monitor 500 IP addresses. A software-only version of Foundstone 4.0 costs $30,000 with the ability to monitor 500 IP addresses. eWEEK Labs tested the appliance version.

Foundstone 4.0 hones vulnerability assessment not only by looking at registry settings on Windows systems but also by using Windows Management Instrumentation and extensive integration with the Windows operating system to identify configuration weaknesses. It also scans Linux and Unix systems.

However, even Foundstone 4.0s extensive checks—which rival those of competitors, including eEye Digital Security Inc.s Retina Network Security Scanner—were not enough to eliminate false-positive identifications during our tests.

/zimages/2/28571.gifClick hereto read about how eEyes Retina Security Suite keeps Continental Airlines networks up and running.

In one case, Foundstone 4.0 identified a vulnerability based on using information from the MBSA (Microsoft Baseline Security Analyzer). Unfortunately, Foundstone 4.0 failed to account for an erroneous dependency in MBSA and issued a report to us indicating that we should apply a year-old hot fix to a fully patched Windows 2000 Server.

This kind of false positive—which company officials quickly fixed after we notified them—demonstrates that vulnerability assessment still requires art to bolster the rapidly advancing science. And the science has advanced rapidly: Foundstone 4.0 correctly identified misconfigured systems throughout our test.

Although Foundstone 4.0 gains much-needed refinement in role-based administration, IT managers will have to invest substantial staff time to run the product.

For example, even though the enhanced Web interface was supposed to make testing easier, we still had to do a lot of manual configuration work because we were using the dual-NIC configuration to monitor two networks.

In fact, we were constantly forced back into the client interface on the Foundstone FS1000 appliance to manually select the appropriate interface for each scan. This was particularly irksome for scheduled scans. We eventually got the system to routinely scan the internal test network, but we always had to manually configure the scan of the public-facing network.

Using Foundstone 4.0s new “threat compliance view,” we easily grouped our Apache Web servers, then scanned them for compliance with a configuration standard. As the scan ran day by day, we could see when changed servers werent configured to our specifications. Version 4.0 is much easier than previous versions to administer; administrative roles can be assigned with tightly controlled limits, which IT managers at large organizations will find useful.

Labs Technical Director Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.

/zimages/2/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

/zimages/2/77042.gif

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.