January 01, 2007
£21 per IP address, volume discounts available
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Highly customisable appliance, easy to use, central management and correlation, excellent support
- Weaknesses: Report engine can be difficult to use, high cost of implementation for large enterprises
- Verdict: Overall, a capable product with solid enterprise application that offers above average performance, at a price
This is a solid vulnerability assessment appliance with a long-standing pedigree. The StillSecure VAM is also available in a software-only version. Implementation is straightforward and the web-based user interface is intuitive. Operation and administration are easy enough, and a plethora of wizards makes most tasks quick and effective.
Reporting is good and includes many templates. However, setting up the reporting can be a bit tedious. Like most products in this group test, VAM supports compliance testing, especially Payment Card Industry standards.Compliance reporting is strong.
We had no trouble implementing the VAM in our test environment. There is a clear installation guide that takes you through initial configuration. For much more depth, the user guide offers additional information and specific details on VAM capabilities. The documentation is in PDF files that are packed with screen shots, examples and menu descriptions.
VAM is Linux-based, but the operating system is somewhat purpose built. Today that can mean anything from a completely new operating system to a hardened version of an existing one. In this case, there is a lot of Linux (a hardened version of Red Hat) in the VAM, which makes for an efficient operating environment. We found no obvious way to compromise the VAM OS.
The product provides network mapping and discovery, and this can be automated and scheduled. Performance was above average, with the appliance identifying more than 75 per cent of our vulnerabilities. In addition, the VAM can act as a centralised dashboard correlation centre, accepting scanner output from other devices, such as Nessus and ISS Internet Scanner, as well as other copies of the VAM.
Support is excellent, including email and phone. Additional support packages include product updates and upgrades, plus rule updates. There is a frequently asked questions section on the website, as well as other useful resources.
We found the VAM to be a bit pricey, however. Although the product performs well and is scalable, at £21 per IP address, it can be quite expensive for large enterprises, even with the available volume discounts.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry