SAINT Security Suite
June 01, 2016
£8,222 for 1,000 IPs.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Excellent combination of vulnerability assessment and pen testing capabilities, ease of use (a huge improvement over earlier versions) and comprehensive reporting.
- Weaknesses: None that we found.
- Verdict: The SAINT Security Suite is a venerable system that in the past we have called a great work-horse. Now we see it as much more than that so we make it our Recommended product.
This is one excellent value. At about £8 per IP at the 1,000 IP level it certainly comes in at the low end of the price spectrum. We tested the SAINTbox Model 300. The box came with a two-page quick-start guide and we found everything we needed there. We powered it up and attached a keyboard, mouse and screen to it. From that point, following the guide was easy. Each of the eight setup steps is clear and we got excellent results in that we were up and ready to start scanning in 15 minutes.
SAINT is one of the pioneers in mixing vulnerability assessment and penetration testing in the same tool. SAINT (Security Administrator's Integrated Network Tool) originally was a rework of SATAN (Security Administrator's Tool for Analysing Networks). Back when these tools were open source they caused a lot of concern in security circles. For example, in the mid-1990s, HP put out a warning to its HP-UX customers that SATAN was coming and they needed to tighten up their security.
Unlike those old, cobbled-together collections of hacking scripts - mostly for Unix - today's SAINT is a paragon of professionalism. The GUI is very user-friendly, the functionality is first-rate and the performance is right where it needs to be. The integration of SAINTexploit into the vulnerability scanner provides a solid path from vulnerability assessment to pen testing (as of SAINT8, SAINTexploit is fully integrated into the product instead of being an option). When an asset has an exploitable vulnerability the dashboard shows that and suggests how to exploit it.
Once we were set up and ready to go, the next step was setting up a scan policy. From this, SAINT knows what vulnerability assessment probes to run against the asset. This, in turn, results in pen testing suggestions. In the meantime, SAINT stores the vulnerability assessment data in its backend database.
The dashboard - our landing page in this case - is pretty typical of dashboards throughout the industry. That, we think, is a good thing since it is familiar and easy to navigate for those who have been around other tools. Tabs across the top clearly present navigation options, such as scan, analyse, report, ticket, etc. Each tab has detailed options as well, so getting to the broad category leads you to sub-categories - again, consistent with what a user might expect.
Once we had run our scan we could opt to select the Exploit Tab and move on to attack the vulnerabilities our vulnerability assessment scan found. The exploit process is a bit more complicated. Even though SAINT has a wide variety of available exploits, some setup is required to use one. The setup is not particularly difficult and experienced pen testers likely will find it trivial, but for newbies there will be a bit of a learning curve. This is not a fully automated exploit tool at this point, although it does have an automated pen test option.
The automated pen test begins with a scan to identify devices and running services. It then determines which exploits apply and attempts the exploits. Finally, it documents the results and makes them available to the tester. The notion of automating pen tests is debated in pen testing circles. For our part we like having both the manual and automated options. We also liked the finesse of selecting only those exploits that address services actually running on the target. This is not quite the same as a "hail mary" in Armitage which is a lot noisier.
Documentation is very good. It's complete with lots of screen shots and step-by-step instructions. The website is complete and well laid out, and there are several support options - ranging from pretty plain vanilla to extended - with personalised assistance. Pricing makes this a very good value for the money.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries