LOGICnow MAX Risk Intelligence
Strengths: Vulnerability assessment at the endpoints really doesn’t get easier or less expensive than this. Even though this is not full-featured in the sense of a total vulnerability management tool, for its intended purpose it has all of the vulnerability management tools it needs. Tied to its cloud analytics, it is a next-generation vulnerability assessment tool.
Weaknesses: None that we found.
Verdict: LOGICnow MAX Risk Intelligence is one of the cleverest vulnerability assessment tools we’ve seen. For its straight-to-the-point functionality and its exceptional value for the money, we designate this our Best Buy.
When an old friend, who had created iScan OnLine, got in touch to ask if we would include them in this group, of course we agreed. This is a very innovative company with a really neat product. So we got the information we needed, but there was nothing about iScan in it. That's because iScan is one of those great success stories in that it was acquired back in February of this year. They are now MAX Risk Intelligence and are part of LOGICnow. That doesn't make them any less interesting, of course, and it hasn't changed one of iScan's most beguiling features: the price point. When we did a First Look on these folks, we were told that the iScan service was less expensive than McNuggets over the same period. It still is. In fact, it would not take many McNuggets to get to the £16.44 per endpoint per year price tag.
MAX Risk Intelligence is an interesting concept. Endpoints are among the most vulnerable assets in the enterprise because this is where users are most able to inadvertently do damage. Sensitive files with credit card information or PII often reside on endpoints. Additionally, the endpoints can be so numerous that many organisations won't scan them due to network loading. Finally, endpoints are not always turned on, especially if they are laptops. So what is the best scanning solution? Let the endpoint users perform the scan themselves? The trouble with that is that running vulnerability scans is not part of most people's work days, so it would seem that doing that won't work either. Except that with MAX Risk Intelligence it does.
MAX Risk Intelligence requires almost no interaction with the user and it can be set to automatically remind the user to scan. There is no forced activity on boot-up or shut-down as we see with updates to software and operating systems. There is simply a reminder to click a button or link and it's done. It takes very little time and does not interfere materially with the user's other work. The reports are sent automatically to the designated security person for analysis.
Reminders and links can be programmed automatically using Active Directory, can be part of the process of logging into a web portal for road warriors, or can be run as part of another script. Configuration and provisioning are simple and security admins can programme actions into other functions, such as anti-malware deployments. For example, if a scan shows that the malware update hasn't been performed, an update can be triggered elsewhere in the enterprise. If a PAN scan (for primary account numbers and unencrypted credit card data) shows clear text credit card information, the computer's user can be contacted or the computer taken offline until the deficiency is remedied. The key, though, is detecting the problem.
If endpoints contain vulnerabilities, the aggregate vulnerabilities across the enterprise can be reported out and measures taken. Additionally, the exposure to risk can be calculated and here is where MAX Risk Intelligence really shines. The tool can look at the enterprise as a whole and calculate, based on individual exposures, what the total exposure of the organisation is for each breach type it detects. This helps management prioritise budgets and it helps security professionals triage remediation.
Documentation is very good and the website has a lot of information. Pricing is beyond reasonable for what you get and, when we tested, it took just a few minutes to set up. If we had been testing on a 5,000-user enterprise instead of a five-user one, it would still have been simple to deploy. And since, essentially, you are only scanning one computer at a time, this is a "set it up and let it run" arrangement. Deployment, after initial setup, is automatic and the reports are automated or on-demand.