This article can also be found in the Premium Editorial Download "Information Security magazine: What are botnets and how can you prepare for them?."
Price: Starting at $15,000
Visionael Enterprise Security Protector 3.0
Visionael's Enterprise Security Protector 3.0 combines Nessus-based scanning with a comprehensive dashboard to facilitate the vulnerability management lifecycle.
Visionael Enterprise Security Protector 3.0 (ESP) is an integrated reporting and vulnerability scanning tool whose great value lies in its ability to manage and track the vulnerability workflow from discovery to remediation.
The Web-based interface and dashboard give security managers a view of the current status of enterprise systems: up-to-date information on the SANS Top 20 vulnerabilities, current risk level, trending, enterprise vulnerabilities, business risk ranking breakdown and ticketing.
ESP conducts asset discovery through ICMP ping sweeps (OS detection can be enabled via TCP stack fingerprinting). Scan jobs are conducted by IP address range and scan name, and can be scheduled or run on demand. Although powered by Nessus, the scan scheduler had less granularity in the initial settings than the open-source scanner. For example, Nessus allows you to configure plug-ins with more than 2,900 unique settings; Visionael is more general, allowing you to choose between Unix and Windows systems, network appliances, etc., by selecting a checkbox in the scan setup.
Once the scan is completed, a series of tree menus shows you the number of discovered high-, medium- and low-risk vulnerabilities. Specific results are straightforward to access and easy to navigate. Risk is measured on a one-to-five scale, based on Visionael's criticality ratings and user definitions of the asset's importance. Clicking on a scan job opens a pop-up window for defining report information.
The job-ticketing and status-tracking functions are among ESP's most useful features. Users can employ Visionael's proprietary Web-based ticketing system or Remedy Action Request System to assign remediation tasks. Tickets are created and tracked through the centralized interface as open, resolved or closed. ESP can verify all remediation.
Data can be exported for analysis, but reporting doesn't go much beyond open-source tools' capabilities: You can easily build a Web-reporting capability with the MySQL data export feature of Nessus; whipping up some simple PHP pages to report is a snap with Nessus and Apache serving up the data.
Overall, we liked Visionael Enterprise Security Protector's nice layout and ease of use. The dashboard allows security managers to manage the current scan and vulnerability posture of the enterprise. While its reporting and scanning capabilities don't go much beyond those of open-source tools, its ability to manage the vulnerability lifecycle from discovery to validation makes ESP a worthy product.
This was first published in March 2005