August 01, 2007
£5,495 for unlimited IP
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Clean interface that requires no additional knowledge to use
- Weaknesses: More of a network vulnerability assessment application
- Verdict: A large number of web false positives and only one type of report available make this utility a better network vulnerability assessment utility
NGSSoftware's Typhon III is really more of a traditional network vulnerability assessment tool with some application intelligence built in. The utility was able to locate FTP-based vulnerabilities on our test system, but had difficulties with web assessment.
The solution did not display the name of URLs found during the crawl or group the vulnerabilities by category. Typhon III was fooled by the custom error pages into believing pages existed that did not. This yielded a list of non-existent pages and directories without much detail as to actual vulnerabilities. The number of false positives reported by the utility was well over 100.
This product would perform well as a traditional network vulnerability assessment tool but lacks the necessary features to perform a web-based application vulnerability assessment.
A component that is unique to this solution is the ability to check for other open ports - which also created additional false positive responses - as well as an included war dialer.
The utility offers one level of report, but it is easy to read and understand for the technician.
Installing Typhon III was very simple and required only clicking "next" a few times. Once installed the utility was logically laid out and included an almost unnecessary wizard to configure the scan.
Typhon also uninstalled cleanly and easily leaving the systems in their original states.
Documentation for the utility comes primarily through the included help files. The files are complete and can assist an administrator with any configuration troubles. However, the utility is simple enough to use that help files and documentation should not be necessary for most administrators.
The primary method of support is via email, and the vendor says a resonse will be sent by the next business day.
The pricing for the Typhon was in the middle of the range of products tested at £5,495 for unlimited IP, which included the email support. The price is a bit high considering the feature set that is included. This solution performs more as a network vulnerability assessment application and is priced more suitably for that category.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Microsoft update left Azure Linux virtual machines open to hacking
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry