McAfee Vulnerability Manager
May 01, 2012
c£7,500 (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Compliance scanning and risk-based correlation ability
- Weaknesses: Easy to misconfigure if set-up procedures are not followed correctly
- Verdict: If one wants bang for the buck, take a look at this. Just be prepared to support it if something goes haywire
Want an appliance that combines a powerful vulnerability scanner, penetration testing, web application scanning, compliance checks and integration into the existing environment? Well then, the McAfee Vulnerability Manager (MVM) should make your shortlist.
This appliance comes loaded to the gills with powerful onboard tools for solid vulnerability management. The MVM also packs the punch of built-in compliance and auditing through several ready-to-go compliance templates, such as for the Payment Card Industry Data Security Standard (PCI-DSS), among several others.
We found this appliance easy to set up and manage, but it can also be easily misconfigured if changes to the system are not made properly; we will get into that shortly. The initial set-up is quite straightforward as the appliance is pretty much plug-and-play with much of the heavy lifting of installing the applications already done out of the box.
Management is done through a web-based management console that we found to be quite overwhelming at first. However, we quickly got the hang of navigating around and setting up scans and managing the configuration. This tool also gives the option of carrying out both credential-based and null credential scans, along with many other types of scans, for discovery, inventory and compliance.
However, all this functionality comes with possible pitfalls. We found at one point in our testing that we were able to simply change a few things on the appliance itself, including the IP address, and things started going wrong almost instantly. After our IP change, the appliance lost its ability to find the scanning engine, so we deleted it in the settings in hope of being able to re-add it and bind it to the new IP address, but no dice. The scanning engine was lost and it would require a call to technical support to get things up and running again.
That said, this appliance has some outstanding features and functionality, and does a lot of compliance-based reporting at a granular level. It also features a dashboard that provides an excellent, in-depth look into trouble spots throughout the network at a single glance, along with risk assessment through the scoring of assets.
Documentation includes a full installation guide and a user guide, along with a few other supplements. The installation guide, for the most part, covers the actual software installation that is already done when the appliance arrives, but it also includes some helpful initial configuration tasks as well. The user guide provides excellent step-by-step instructions on configuration and management of the appliance, as well as detailed examples on how to use product features and functions.
McAfee provides several support options to customers based on the size and needs of their particular installation. Customers can obtain phone- and email-based technical help, as well as access to an online support area with many resources, including a knowledge base, tutorials and product documentation, as well as web-based chat.
At a price just shy of circa £7,500, we find this solution to be of excellent value for the money. The McAfee Vulnerability Manager provides a strong combination of features and function for full vulnerability management and compliance.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Met Police grab suspect with phone unlocked to get hold of data
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report