Vulnerability Assessment Tool Filters False Positives | eWeek

Vulnerability Assessment Tool Filters False Positives

Dec 12, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

All vulnerability assessment tools initially create large numbers of false positives. Making the situation worse, its nearly impossible to correctly detect patch levels and operating system and application versions when no standard exists for the uniform reporting of this information.

So its no surprise that, according to every vulnerability assessment tool weve ever seen in eWEEK Labs, the sky is falling.

When IT managers go shopping for a vulnerability assessment tool, it is therefore imperative that they evaluate the process whereby false positives can be systematically eliminated from vulnerability reports. In other words, they must ask: “Is there a good way to turn down the volume of false positives without missing the really bad stuff?”

/zimages/5/28571.gifClick hereto read to read a review of Latis Networks StillSecure VAM 5.3.

Latis Networks Inc.s StillSecure VAM 5.3 does a good job of handling the vulnerability assessment workflow and also monitors the repair process. When a vulnerability scan is completed, the results are processed. The first step in the workflow confirms that the reported problem actually exists. IT staff who confirm vulnerabilities will need to be expert at understanding what the StillSecure VAM rule was looking for and what conditions will trigger a positive response.

StillSecure VAM 5.3, like many other vulnerability detection tools, starts with nondamaging probes of scan targets. It determines operating system and application versions based on standard responses, such as a routine banner announcing the operating system. It is almost impossible to determine if a patch has been applied to the scan target because while patches ably correct internal code, almost none modify the version response banner of an operating system or application.

By including the role of confirmer in StillSecure VAM 5.3, Latis sets a workflow milestone and distinguishes StillSecure VAM 5.3 from competitors. Once a vulnerability is found not to exist—because a patch has been applied, for example—the rule result will be ignored in subsequent scans. Over time, this significantly reduces the false positives reported by StillSecure VAM 5.3.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.