Retina Network Security Scanner, $995; management console, $15,000. eEye Digital Security, (866) 339-3732, (949) 349-9062. www.eeye.com
SecureScan NX has a well-designed user interface and several slick features, such as in-scan vulnerability review and the ability to select scan type by risk, service, platform, impact, CVE and several others.
We ran into problems, though, during large scans of multiple networks. We locked up the application several times before getting a good clean scan, especially while attempting to identify hosts based on TCP and UDP scans, instead of simply ICMP. Once we worked out the bugs, however, we were able to obtain a good result, and SecureScan NX stood up well against its peers at detecting vulnerabilities; in fact, SecureScan NX detected the largest number--65 percent--of vulnerabilities in our test group.
Although SecureScan NX's reporting is good, we would have liked a remediation explanation in the main body of the report rather than being forced to follow a link to Vigilante's Web site to obtain it.
SecureScan NX 2.6.50, as configured for this test, $635 for 10 IPs/year. Vigilante.com, (503) 579-3464. www.vigilante.com
SAINT proved a formidable opponent but unfortunately, like every other scanner, it sails in some areas, sinks in others. SAINT's vulnerability coverage was above average, and its price is right, but we felt the product could be improved on the management and reporting fronts.
Although SAINT takes a bit more know-how than do the products from Foundstone, Qualys and nCircle, it runs over a standard Linux distribution and has the easiest install script we've seen over a Linux command shell. We highly recommend the Express plug-in (www.saintcorporation.com/products/saint_express.html); without it, performing updates is a tedious process. We hope SAINT will build Express into the standard product in the future.