February 01, 2006
£21 per IP address, volume discounts available
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Ease of use, organized and intuitive interface.
- Weaknesses: Documentation almost is too much and we had some small problems when doing the original network configuration.
- Verdict: Part of a full vulnerability management platform with excellent coverage.
This is really more than a single VA tool. It is part of an integrated enterprise-wide vulnerability management platform consisting of distributed scanners, a central platform and a variety of reporting and management processes. The appliance is pre-installed on a hefty Dell server.
StillSecure’s website characterizes the VAM as a “vulnerability command/control center”. We place it in our fully featured appliance category.
The product comes partially installed and you use the supplied installation and maintenance disk to bring it online. Documentation is prodigious and is delivered in a thick binder, with more on a CD.
StillSecure offers phone support and there is a limited FAQ on the website. Generally, we found the tool easy to use and install, but did experience some difficulty during installation that required us to edit two network configuration files manually. Since the product runs in a Linux environment, that task requires a knowledge of the various flavors of Linux.
This complete package has everything needed to find and repair vulnerabilities and create over 60 different reports. The Security POV is the reporting and compliance engine and reports can be generated to meet the requirements of regulatory compliance reporting. What’s more, VAM has a module that helps manage the vulnerability remediation process.
Interestingly, portions of the VAM’s vulnerability assessment engine are built on Nessus, which allows it to take advantage of the large number of plugins rapidly and efficiently.
This machine performed very well on our test network. It discovered it and scanned for vulnerabilities all in one step. But the process page display does not automatically refresh, so the analyst has to do it manually to see current status of a scan.
When used with additional modules in a very large enterprise, VAM offers a comprehensive vulnerability management tool.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry