Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VA Scanners Pinpoint Your Weak Spots: Page 7 of 16

When it comes to reporting, STAT Scanner offers the widest array of export options we've seen. Out of the box, STAT Scanner results can be exported to .MDB format, with all database tables and even a couple of query tables preformatted for Microsoft Access. There are also several reports to choose from, each of which can be exported into various formats, such as CSV, Excel, Word, Lotus and HTML.

Harris offers STAT Analyzer to complement STAT Scanner. STAT Analyzer uses Ipswich's What'sUpGold for system monitoring and inventory; can execute and control Nessus Vulnerability Scanner and Harris' STAT Scanner; and can import test results from ISS' Internet Security Scanner. The result is a complete report of aggregated data from multiple scanners, likely producing a larger percentage of detected vulnerabilities than any one system alone.

STAT Scanner Professional Edition 5, as tested with a 50-node license and a one-year maintenance license, $1,995. Harris Corp., (888) 725-7828, (321) 727-9100. www.stat.harris.com


The only area we found lacking with Retina was its ability to detect the vulnerabilities we laid out for it. Unfortunately, that hurt its score considerably. On the bright side, eEye's enterprise version of Retina is a fully distributed model that uses Microsoft SQL for data storage and a management and aggregation server to control remote scanners. What's more, eEye has incorporated multiuser authentication, much better reporting than its nonenterprise version (though exportability is still a bit lacking), and a comprehensive ticketing system, similar to that used by Foundstone.

It's evident that Retina enterprise was built to scale, and it should suit larger organizations quite well. We look forward to seeing what eEye has to offer in the future. Although Retina's Unix scanning capability is a bit lacking, the product did find a large percentage of the Windows vulnerabilities--pushing its overall percentage of detected vulnerabilities to about 55 percent.

We would like to see more integration with corporate asset-classification efforts, more detection capabilities and some additional options for exporting reports.