Every one of our products this month is, in its own way, a solid offering, and we think that this month you'll find answers to some important questions about the direction of both vulnerability assessment and patch management tools. This is an important pair of security groups and some tools do specific tasks better than others. All in all, though, this is a great way to match your requirements against the tools available in the marketplace.
Product Section
GFI: Easy-to-use tool for server scanning
RedSeal: Provides detailed analysis of rules
Novell: Offers solid client patching

SC MAGAZINE SUPER GROUP: VULNERABILITY MANAGEMENT

How we test and score the products

Our testing team includes SC Magazine Labs staff, as well as external experts who are respected industry-wide. In our Group Tests, we look at several products around a common theme based on a predetermined set of SC Labs standards (Performance, Ease of use, Features, Documentation, Support, and Value for money). There are roughly 50 individual criteria in the general test process. These criteria were developed by the lab in cooperation with the Center for Regional and National Security at Eastern Michigan University.

We developed the second set of standards specifically for the group under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Group Test reviews focus on operational characteristics and are considered at evaluation assurance level (EAL) 1 (functionally tested) or, in some cases, EAL 2 (structurally tested) in Common Criteria-speak.

Our final conclusions and ratings are subject to the judgment and interpretation of the tester and are validated by the technology editor.

The cornerstone of information assurance

This month we are looking at an important piece of the information assurance puzzle. Vulnerability management is an emerging product area and, for the most part, it still is fragmented. This year we will stick with the two major fragments – vulnerability assessment and patch management – but I foresee next year looking at the genre as a coherent vulnerability management whole.

The issues that are driving yet another convergence in our marketplace this time are cost and integration of functionality. That should be no surprise given that the discovery of vulnerabilities often suggests the need for some patching. In fact, several of the products