Secunia VIM v4.0
Strengths: Speed and the ease of delegating assets to various users
Weaknesses: No significant weaknesses
Verdict: A very good product for large enterprises
Secunia VIM is a real-time vulnerability intelligence and management tool, providing organisations with the necessary information required to analyse vulnerabilities in their IT infrastructure, as well as track them from a centralised dashboard interface.
The tool allows organisations to define customised filters according to software responsibility and compliance criteria for each of the recipients in the organisation. Personalised security alerts can be issued in real-time whenever a new vulnerability in the IT infrastructure is discovered. It also helps ensure compliance through policies and reporting of advisories for each asset. Other features include a built-in ticketing system, proof-of-concept modelling, alternative remediation options and flexible alert formats.
The product is a web-based application service and only requires a web browser and internet access to connect to the system. The browser must support first-party cookie settings, session cookies and a PDF reader. If Internet Explorer is used, it should be version 6 and above. Users will also need a username and a passcode (the Secunia password must be changed on first use).
During the initial setup the dashboard was used to indicate which elements were improperly configured or were missing. At one point we needed to contact support to help understand how to complete the configuration of advisory tickets. The support person was professional and patient. In a very short time, the issue was resolved (our error as we chose a product that did not generate any patch warnings for the past year). Once proper vendors and products were selected, the vulnerabilities were immediately discovered and tickets issued to multiple support personnel.
After working through all of the settings and options, the reporting selections were completed. The automated and on-demand reports were sent via email. The report options allowed for a wide variety of detail from high-level summaries and highly detailed reports. These were easy to read and understand. The ticketing system had all of the features one would expect. Plus, the speed of this product is impressive.
Eight-hours-a-day/five-days-a-week phone and email support is available at no extra cost. There is no maintenance renewal beyond the initial purchase price and the cost for following years is: £37,312 for two years, £46,640 for three years and £65,296 for five years.
Secunia also provides assistance on the company's website, including a searchable knowledgebase and a FAQ section. Customers have access to a fairly comprehensive community forum for information sharing, access to advisories and more via postings, chats, debates and connection to Secunia personnel. The company provided an excellent technical user guide with screenshots and clean narratives that mirror (for the most part) the help function within the product.
Secunia has opened its ten years of vulnerability research to the public. Overall, the value for the cost of this product is good.