BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Since SAINT first released its vulnerability scanner in 1998, the company has bolstered the product's feature set, as well as added the SAINTexploit penetration testing tool and SAINTCloud service to its product portfolio.
SAINT 8 Security Suite, the latest version as of this writing, is a vulnerability management software product that is sold as a virtual machine instance of the software. SAINT also sells a portable "mini" and an enterprise rack-mounted preconfigured appliance, both referred to as SAINTbox appliances. The virtual appliance (the self-contained software version) is the most popular deployment choice by SAINT customers. SAINTCloud is a cloud-based service that scans external targets, although options are available to manage local SAINT 8 Security Suite deployments, as well.
Like other vendors' vulnerability scanners and management products, SAINT Security Suite scans operating systems, database applications and web applications to identify assets and detect vulnerabilities. SAINT 8 Security Suite reaches both internal and external targets, and can be set up with multiple scanners over a distributed network. Although SAINTCloud is designed to scan external targets, customers can get the option to manage SAINT 8 installations for internal scanning, as well.
The web interface and wizard-driven configuration means SAINT takes relatively little time to deploy. Signature databases for either implementation are updated regularly.
Both SAINT Security Suite and SAINTCloud integrate vulnerability assessments with penetration testing, perform configuration assessments and offer enterprise-grade remediation ticketing. In addition, SAINT Security Suite's scan results can be imported into IBM's QRadar security information and event management platform, and SAINT is compatible with Cisco FireSIGHT Management Center -- formerly Sourcefire -- for analysis and flag correlation.
How it works
SAINT 8 Security Suite comes with a web-based console that enables customers to manage a single scanner or multiple scanners located across a distributed environment. The interface is easy to use and highly configurable, showing top 10 vulnerabilities by severity, top 10 vulnerable hosts, security trends and analytics. SAINT provides flexibility in prioritizing vulnerabilities -- customers don't have to stick with the usual High-Medium-Low levels provided by the scanner.
For example, a customer may associate vulnerabilities with various industry-specific severity codes, such as Payment Card Industry (PCI) severity codes and Common Vulnerability Scoring System numeric scores. Dashboard tools enable customers to switch between different dashboards and select data sets (and severity information) for specific compliance regulations, such as PCI Data Security Standard, HIPAA and the Federal Information Security Management Act. Customers can also run a host of reports from templates, including compliance reports, or create custom reports as needed.
SAINT's assessments and reports conform to the NIST Security Content Automation Protocol version 1.2 and are validated as an Authenticated Configuration Scanner and for Common Vulnerabilities and Exposures content.
Pricing, licensing and support
A small network (Class C) license costs under $5,000 for a virtual appliance. The mini and enterprise rack-mount appliances start at $995 and $2,600, respectively. A license number is required for appliance configuration.
Customer support is included free of charge as part of the licensing cost of SAINT 8 Security Suite, as is maintenance for hardware appliances. Basic support with a four-hour response time is available through the customer portal (MySAINT) during typical business hours and days; advanced support for 24/7 response, dedicated contacts and other benefits is available for a fee.
SAINT provides product documentation and instructional videos through the MySAINT portal. Customers may take a two- to four-hour, web-based, instructor-led course that covers installation and setup, which may be customized for the customer's needs.
SAINT also offers a FAQ, case studies, white papers and a handful of videos on the company's website. Prospective customers can request an online demo or a free trial license to test SAINT products in their own environments.
In part one of this series, learn the basics of vulnerability management tools
In part two, read about enterprise use cases for vulnerability management
In part three, discover the purchasing criteria for vulnerability management tools
In part four, compare the leading vulnerability management products on the market