nCircle's IP360 Vulnerability Management System
Price: Starts at $26,000
Vulnerability management is more than running VA scans and applying patches or configuration changes. Without policies and processes to identify, prioritize and remediate vulnerabilities and validate fixes, enterprises can be overwhelmed, and their most critical systems exposed to threats.
nCircle's appliance-based IP360 Vulnerability Management System can help large organizations mitigate vulnerabilities in a methodical way, providing systematic asset management, vulnerability identification, intrusion detection correlation and robust reporting.
IP360's architecture is built for scale; distributed Device Profiling appliances employing nCircle's proprietary scanner gather vulnerability information from any IP device and feed it to the central management appliance, VnE Manager. One VnE Manager can manage approximately 50 distributed Device Profilers.
From the VnE Manager, security managers can quickly assess the current security posture of their organization, from an enterprise-wide view down to the device level. Automated workflow and ticketing allow organizations to initiate and track remediation efforts.
nCircle has created an easily understandable and straightforward Web-based management interface divided into four logical components: Administer, Discover, Analyze and Respond.
The exception is the interface for selecting the vulnerabilities you want to scan for. The nCircle model is based on continuous scanning, which the company says is how most of its customers use the product. However, the interface is poorly suited to creating targeted scans. The vulnerabilities are listed in a small, fixed window and aren't organized, nor are they identified by OS or application.
The Administer control panel is designed to fully manage the system's configuration, including the database, software upgrades and diagnostics.
The Discover panel is the heart of the security system, where managers can create vulnerability scans, schedule scans and view their progress.
The Analyze and Respond panels run snapshot and trending reports on the environment's vulnerability status, and manage the internal ticketing system for identified vulnerabilities, respectively. IP360 issues serviceable technical reports for operational managers and executive-level reports—top vulnerabilities, systems showing most vulnerabilities, etc. IP360 also has a useful "scoring" report, based on user-designated system priority and the number and severity of vulnerabilities reported. This is useful for viewing trending and establishing priorities.
The Respond component also permits security managers to access and configure IP360 information to be sent via SNMP traps to third-party network and security applications, such as SIMs, IDSes, patch management tools, ticketing systems and network management systems.
IP360 has tight integration with Cisco Systems IDS/IPS tools through an add-on product, IDS nTellect—a value for customers already invested in Cisco security.
Because it is an appliance, IP360 is pretty easy to get up and running. The only steep learning curve will come if you want to leverage nCircle's proprietary vulnerability scripting language, Advanced Security Profiling Language (ASPL), to develop custom VA rules for particular configurations or custom apps.
nCircle's IP360 Vulnerability Management System is a viable choice for large organizations that are faced with the challenge of gaining control over their security processes, particularly those invested heavily in Cisco security.
This product review originally appeared in the July 2005 issue of Information Security magazine.