Learning Center
Plans & pricing Sign in
Sign Out

The cornerstone of information assurance


Every one of our products this month is, in its own way, a solid offering, and we think that this month you'll find answers to some important questions about the direction of both vulnerability assessment and patch management tools. This is an important pair of security groups and some tools do specific tasks better than others. All in all, though, this is a great way to match your requirements against the tools available in the marketplace.

More Info
									Product Section
GFI                                            RedSeal                                           Novell
Easy-to-use e                                  Provides                                          Offers solid
tool for detailed                              analysis of                                       client server
scanning P4646                                 rules P55                                         patching P52 2

                                                                                 How we test and score the products
The cornerstone of                                                               Our testing team includes SC Magazine Labs staff, as well as exter-

information assurance                                                            nal experts who are respected industry-wide. In our Group Tests, we
                                                                                 look at several products around a common theme based on a pre-
                                                                                 determined set of SC Labs standards (Performance, Ease of use,

                                 his month we are looking at an important        Features, Documentation, Support, and Value for money). There
                                 piece of the information assurance puzzle.      are roughly 50 individual criteria in the general test process. These
                                 Vulnerability management is an emerg-           criteria were developed by the lab in cooperation with the Center
                          ing product area and, for the most part, it still      for Regional and National Security at Eastern Michigan University.
                          is fragmented. This year we will stick with the          We developed the second set of standards specifically for the
                          two major fragments – vulnerability assessment         group under test and use the Common Criteria (ISO 1548) as a
                          and patch management – but I foresee next year         basis for the test plan. Group Test reviews focus on operational
                          looking at the genre as a coherent vulnerability       characteristics and are considered at evaluation assurance level
                                                                                 (EAL) 1 (functionally tested) or, in some cases, EAL 2 (structurally
                          management whole.
                                                                                 tested) in Common Criteria-speak.
                            The issues that are driving yet another conver-
                                                                                   Our final conclusions and ratings are subject to the judgment
gence in our marketplace this time are cost and integration of functional-
                                                                                 and interpretation of the tester and are validated by the technol-
ity. That should be no surprise given that the discovery of vulnerabilities
                                                                                 ogy editor.
often suggests the need for some patching. In fact, several of the products
To top