Manage Learn to apply best practices and optimize your operations.

2006 Products of the Year: Vulnerability management

We asked. You answered. Here are your choices for best vulnerability management product of the year.

Foundstone Enterprise

McAfee made a savvy move when it acquired vulnerability management firm Foundstone in 2004. The Foundstone Enterprise product has been proven a hit with customers for its security, comprehensive features and overall quality, earning it a gold medal for vulnerability management.

Drawing on the expertise of Foundstone's consultant founders -- who wrote the best-selling Hacking Exposed -- the technology eases the pain of managing a multitude of vulnerabilities in operating systems, network devices and other infrastructure.

Available as software or the FS1000 appliance, Foundstone Enterprise provides an automated system for what can be time-consuming and cumbersome chores for an enterprise: mapping the network, prioritizing assets and probing for vulnerabilities.

At the core of McAfee's Foundstone Enterprise is FoundScan, the original name of Foundstone's vulnerability management solution. FoundScan's accuracy in

More information on vulnerability management

Check out previous vulnerability management Products of the Year.

Learn five ways to simplify the vulnerability management process.

Listen to this webcast and learn the best tools and tactics for vulnerabiilty management.

See the other 2006 Product of the Year winners.


identifying operating systems and matching vulnerabilities to target systems is top-notch, as is its ability to scan large-scale networks quickly.

The Foundstone technology "sets the standard for accurate assessment of exposures," says one enterprise security manager. More than any other competing product the company tested, it "shows adaptability to our global IP network" and also provides extensive management tools.

Foundstone Enterprise comes with a multi-user, role-based Enterprise Manager Web portal, which allows managers to schedule and monitor local or remote scans -- a boon for distributed enterprises. The portal gives managers a lot of flexibility in scheduling and tuning scans so they don't interfere with business operations. Scans can also be configured for specific parts of the network or for certain vulnerabilities.

An optional remediation component helps with one of the biggest headaches of all: making sure critical vulnerabilities are fixed. Based on vulnerabilities discovered in a scan, the module automatically creates tickets, assigns them to the appropriate employee for remediation and provides a way to verify that problems are actually fixed.

Another elective add-on is the threat correlation module, which supplies customers with threat intelligence alerts from the experts at McAfee's labs, giving them a leg up when dealing with breaking events such as Internet worms.

The latest release of Foundstone Enterprise features regulatory compliance templates. The updated software will measure compliance with the vulnerability and configuration aspects of regulations such as SOX, HIPAA and the Payment Card Industry (PCI) standard.

Vulnerability Assessment

Another weapon in security behemoth Symantec's diverse arsenal of security weapons, Vulnerability Assessment gets good grades across the board, with security most frequently receiving excellent scores.

Internet Scanner
Internet Security Systems,

A top name among VA scanners, Internet Scanner can be integrated with ISS's intrusion prevention products under a common management platform. Readers applaud its overall quality, and give high marks for its performance and feature set.

This was last published in February 2006

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.