February 01, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Detailed analysis of AS400, Unix and OpenVMS. Low cost of ownership. Offline analysis so does not impact host being tested.
- Weaknesses: Virtually no documentation, no U.S.-based support, non-intuitive and some functions do not behave as expected. Offline analysis requires creation and download of the files containing the data to be audited.
- Verdict: Competent open systems auditing tool, but with some notable shortcomings.
AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
This product is a basic host audit tool. However, instead of testing on the host, you need to download the applicable files (password, directory listing and so on) and analyze them offline. This is a bit inefficient, because the downloads must be performed prior to each new test in order to ensure that the tests are being applied to the current configuration of the computer under audit. However, this approach does allow the system to be tested without impacting its performance as testing is done offline.
AZScan is intended for use on large Unix, AS400 and OpenVMS computers. These are likely to have a very large directory structure, and AZScan is the type of tool that will ferret out the configuration-based vulnerabilities in such systems.
The product offers a lot of information and a large number of tests. But it is very difficult to understand, partly because it offers so much information. Its presentation of the information is extensive, and the most useful parts of the presentation are specific to the audience (such as graphical for managers and executives, and very detailed for engineers).
In fairness, AZScan is a very ambitious product. Conducting the myriad of audit tests that the product performs is nowhere near as difficult as presenting the results in a useful manner. We found that it performed the tests competently, but we were disappointed with the reporting and ease of use.
Documentation is nearly non-existent and support has to come from the U.K. For all that, it is good value for the money once the user becomes familiar with it, gets it properly configured and becomes conversant with its reporting. In terms of host-based audit tools, AZScan is competent, if not spectacular.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry