Strengths: Scanning support across many server platforms in the enterprise
Weaknesses: Documentation lacks visuals and agents must be deployed manually
Verdict: A very good tool, but it requires extra effort to install and manage
Assuria Auditor is a security and compliance scanner for enterprise servers. It features capabilities such as vulnerability assessment, system change detection, system information and regulatory compliance. The Auditor can actively scan systems using agents deployed across the enterprise network and these agents report back to the main console.
This was an easy install. The initial install of the console application is guided by a setup wizard that is easy to follow. With the product up and running, we started to deploy the agents. The only problem we had with this process is that the agents are in executable format, so they cannot be deployed using something like Active Directory Group Policy for Windows-based systems. The console is easy to use, with an intuitive tree navigation structure.
Agents can be deployed across many system and server types throughout the enterprise. Assuria offers agents not only for Windows-based systems but also for Linux, such as Red Hat Enterprise and SuSE Enterprise, as well as Unix systems, such as Solaris. Policy and scanning is also easy to organise and scans can be set up with a number of various properties.
Documentation for the product includes an installation guide that illustrates the overall installation and setup process for the console and agent deployment. There is also an administrator guide that focuses on policy creation and compliance checks. Finally, a user guide details using product features and running scans. All these manuals are well organised and easy to follow. However, there are no screenshots or diagrams.
Assuria offers 24/7 phone and email technical support, as well as product updates, as part of a maintenance contract at 20 per cent of the licence fee. There is a support area on the website, but it only contains support contact information. There are no other support options, such as a knowledgebase or user forum. These are planned for the future.
At a price starting at £3,500 for the console and five agents, with additional agents from £750, this product is good value for the money. While it does have some small deployment hurdles to jump, it is quite easy to use and provides a multi-platform vulnerability scanning engine.