Version 4.0 of Foundstone Inc.'s namesake vulnerability scanner and reporting tool offers refined role-based administration, new ways to handle remediation tickets and new ways to group scanned objects to create more efficient polling.
IT managers at large organizations—especially those that must distribute vulnerability scanners but also need tight control over weaknesses revealed by the scans—should consider this product as an in-house alternative to managed service offerings from companies such as Qualys Inc.
Released last month, Foundstone 4.0 costs $35,000 when it comes as an appliance on a 1U (1.75-inch) rack-mountable server, called the FS1000, with licenses to monitor 500 IP addresses. A software-only version of Foundstone 4.0 costs $30,000 with the ability to monitor 500 IP addresses. eWEEK Labs tested the appliance version.
Foundstone 4.0 hones vulnerability assessment not only by looking at registry settings on Windows systems but also by using Windows Management Instrumentation and extensive integration with the Windows operating system to identify configuration weaknesses. It also scans Linux and Unix systems.
However, even Foundstone 4.0's extensive checks—which rival those of competitors, including eEye Digital Security Inc.'s Retina Network Security Scanner—were not enough to eliminate false-positive identifications during our tests.
In one case, Foundstone 4.0 identified a vulnerability based on information from the MBSA (Microsoft Baseline Security Analyzer). Unfortunately, Foundstone 4.0 failed to account for an erroneous dependency in MBSA and issued a report to us indicating that we should apply a year-old hot fix to a fully patched Windows 2000 Server.
This kind of false positive—which company officials quickly fixed after we notified them—demonstrates that vulnerability assessment still requires art to bolster the rapidly advancing science. And the science has advanced rapidly: Foundstone 4.0 correctly identified misconfigured systems throughout our test.
Although Foundstone 4.0 gains much-needed refinement in role-based administration, IT managers will have to invest substantial staff time to run the product.
For example, even though the enhanced Web interface was supposed to make testing easier, we still had to do a lot of manual configuration work because we were using the dual-NIC configuration to monitor two networks.
In fact, we were constantly forced back into the client interface on the Foundstone FS1000 appliance to manually select the appropriate interface for each scan. This was particularly irksome for scheduled scans. We eventually got the system to routinely scan the internal test network, but we always had to manually configure the scan of the public-facing network.
Using Foundstone 4.0's new "threat compliance view," we easily grouped our Apache Web servers, then scanned them for compliance with a configuration standard. As the scan ran day by day, we could see when changed servers weren't configured to our specifications. Version 4.0 is much easier than previous versions to administer; administrative roles can be assigned with tightly controlled limits, which IT managers at large organizations will find useful.
Labs Technical Director Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.