Real Vulnerability Testing Tools Offer Actual Assessments, Not Just Hype

A good vulnerability assessment tool can stabilize the shifting terrain of threats to IT systems.

A good vulnerability assessment tool can stabilize the shifting terrain of threats to IT systems. But just about every configuration management, patch distribution and system monitoring tool these days comes with a "vulnerability assessment" utility, so IT managers face a challenge separating useful tools from creative marketing.

The good news is that most of these offerings actually can provide useful information to IT managers, including details about which systems are vulnerable to Internet worms and viruses.

The not-so-good news is that many of these tools dont provide much additional research about the threat, nor do they offer remediation instructions beyond the vendors terse commands.

LANDesk Software Inc.s Server Manager 8.5 includes a vulnerability assessment tool that uses standard information from Microsoft Corp. and Red Hat Inc. to assess server-specific application and operating system vulnerabilities. The vulnerability assessment tool is part of LANDesk Server Managers patch management system and uses LANDesk software distribution tools to ease the deployment of patches to affected systems.

/zimages/1/28571.gifClick here to read the review of Server Manager 8.5.

This integrated approach to system management is a good one, we believe, because all the utilities needed to protect vulnerable systems are rolled into a single product—and, in LANDesks case, a product with a proven track record. Because LANDesk Server Manager combines reports with software and hardware asset information, IT managers should be able to significantly reduce the time between vulnerability discovery and corrective action.

This isnt to say that LANDesk Server Managers approach is flawless. Although the management dashboard usually made the task of identifying system problems simple in eWEEK Labs tests, we still needed to manually dig around in the reports section to get detailed information about possible problems.

As with so many vulnerability assessment tools, LANDesk Server Manager depends almost exclusively on vendor data to provide information about vulnerabilities and the steps needed to remove them. Wed like to see vulnerability assessment tools take a role in prioritizing problems to ensure discovering and correcting the most severe defects—especially when it comes to system vulnerabilities.

LANDesk Server Manager uses ratings provided by vendors to prioritize problems. Although the critical problems such as known system buffer overflows are flagged, systems administrators still need to manually sort problems to get the worst ones to the top of the list. Our tests show that this task is easy enough that it should be automated in a subsequent release of the product.

When it comes to identifying and assessing vulnerabilities, we think tools such as LANDesk Server Manager can significantly reduce the time needed to correct problems. As attacks become more shrewd, however, these tools will need to take the next step and use additional information gathered from the server itself to make suggestions to IT staff as to the best approach to fixing problems.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.