Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VA Scanners Pinpoint Your Weak Spots: Page 5 of 16

As a side note, similar to other products on the market, Foundstone has preconfigured several scanning templates for one purpose or another. The "safe scan" template is intended to prevent target system outages during scanning. Unfortunately, we did encounter outages with NetWare using the "safe scan." In fact, Foundstone's Web crawler feature caused that outage. Fear not, though: Novell has a patch for that DoS. The key to remember here is that no automated scanner is completely safe; caution should always be used.

Overall, we felt that Foundstone offers a substantial bang for the buck. With any luck, the next release will take care of some of the reporting shortfalls, stabilize the system during invasive tests, maybe even integrate the two separate management interfaces into one complete front end. We'd also like to see more integration with an organization's asset-classification effort. When asset classification is calculated with vulnerability severity, an enterprise can better direct its resources to the areas that need the most protection, and these are features Foundstone identified on its road map.

Foundstone Enterprise with FoundScan Engine 2.6, starts at $15,000. Foundstone, (877) 91-FOUND, (949) 297-5600. www.foundstone.com


Qualys' internal scanning appliance is a gateway to its Internet-based scanning service. This setup is very similar to that of nCircle's IP360, where several scanning appliances reference a single management server for all configuration and vulnerability information. However, the management and aggregation server resides on Qualys' system, not at the customer location.

Organizations install the QualysGuard appliances inside their enterprises and administer them from the Internet-based interface. The gateway device simply makes outgoing SSL-encrypted requests to Qualys' servers, asking if there are any jobs to perform. If the appliance finds a job, it downloads it, and away it goes. In a nutshell, nothing is stored on the QualysGuard internal appliance. Scan requests, reports and even scan signatures reside on Qualys' network. Although this might seem like a strange model, it means you never have to worry about attack-signature updates. Because of its design, this system is an excellent choice for large enterprises wanting to deploy scanners throughout their networks.

Qualys' reports can be customized, and its vulnerability detection was acceptable, though we hope to see better coverage in the future. Tiered user privileges can be tailored to an organization's demands, and user preferences can be adjusted for dead-host scans, load-balancer detection and even password brute-forcing. To add a layer of device segregation, network hosts can be separated into groups, enabling security administrators to create itemized reports based on business criticality, for example.