Cenzic Hailstorm ARC
Strengths: Targeted in-depth web application assessment product
Weaknesses: Needs its own webserver, adding to overall cost of ownership
Verdict: We liked this product, but it does suffer from a lack of comprehensive documentation
Cenzic Hailstorm Enterprise ARC is a web application vulnerability scanner. This product can scan websites and web applications in the enterprise to see how vulnerable they are to possible attack from hackers. It can also go above and beyond standard scanning by providing complete risk analysis and compliance checks.
Installation was quite easy and most of it is automated. After the prerequisites of the .Net Framework and IIS are installed, it pretty much installs itself. The installation is guided by a simple setup wizard and after a few clicks the product installed all the necessary components.
Post-installation is the only slightly tricky part. The product is bound to the machine using a machine ID, so we had to copy and paste this into an email and send it off to wait for our licence key. Administration is done from a web-based console. This console is easy to use and fairly intuitive to navigate, with a tabbed top navigation structure.
Cenzic Hailstorm comes ready to go with many predefined scans and assessments. All we had to do was add the target, choose the policy and run the scan. Scans can be set up with a number of different options, including Active Directory login credentials and various compliance groups. It can support compliance regulations such as PCI, GLBA, SOX, OWASP and SANS.
Documentation included an installation guide and evaluation guide. The installation guide provides in-depth detail of the whole installation process step-by-step, including many screenshots and examples of the installation wizard. The evaluation guide provides a quick overview of adding targets and running a scan, along with screenshots. We did not receive any other documentation for this product, such as an administrator or user guide.
Cenzic offers basic 12/5 phone and email support with the purchase of an annual subscription, and 24/7 support is available for an additional fee of 10 per cent of the price. There is also a support area on the website that offers a FAQ section and a customer support portal.
At £18,900, this product is good value for the money. It provides targeted web application assessment in a simple-to-use, fully integrable format.