Unfortunately, determining whether this product could locate all our vulnerabilities was an overwhelming task. Bv-Control reported more than 800 pages of results, but we found little evidence of CVE numbers. In fact, of the small percentage of vulnerabilities in our list (12 percent), only about half actually noted the CVE number; the other half were found by sheer grunt work.
Overall, like many of the other products we tested, bv-Control for Internet Security is strong on one front and weak on another. However, with more thorough tests and a richer reporting interface, this product would do quite well.
bv-Control for Internet Security, per IP address: $19.95; per class C subnet: $3,995; per class B subnet: $32,000. bv-Control for Internet Security requires the use of BindView RMS, which is priced at $1,995 for one nonconcurrent user. BindView Corp., (800) 813-5869, (713) 561-4000. www.bindview.com
Rapid7 NeXpose 3.0
If you can get past its retro, flashback-to-GEOS-in-the-mid-1980s look, this application has quite a bit to offer. The management interface is simple and offers many of the elements we look for in a scanner, plus a few extras, such as network monitoring/sniffing. However, it could not detect all our vulnerabilities, and it had an abnormally long hang time between starting a scan and producing results.
NeXpose's reports are clear and easy to read and can be exported to various database formats, including Oracle, Microsoft SQL and ODBC, as well as HTML, XML and text. One really helpful report created by Rapid7 is the "Remediation Report," which clearly defines the steps needed to fix the vulnerabilities it detects, including the amount of time the repair should take. This product may not patch your servers automatically, but it does a fine job of instructing you how to do it manually. NeXpose's reports aren't very flexible about re-sorting and manipulating data, but we could have just as easily created our own reports once the data had been exported to a database.