Now McAfee are selling their appliance with vulnerability scanning and management software preinstalled, it’s impossible for a download and a try. Fortunately on Nov 28 the formerly Foundstone Enterprise software was released in 0day scene*, so I have a chance to try it.
After tryout of a whole day, I had to say that it’s really a true vulnerability management platform for large scale corporations. I’d suggest buying the appliance if we have budget.
From the installation I found it’s a product designed by security guys. The windows and database are required to have proper SP installed, new added assets admin password is forced to be strong, otherwise you cannot finish the configuration. Signatures updating is required to input username and password, which will help manage license and forbid pirate version usage. It’s a security product, why not?
Like other SaaS vendors such as IBM and Qualys, Foundstone has a web portal too, which provide assets management, vulnerability scanning, reporting and remediation. Here I list some functions that I think they are highlights of foundstone.
Vulnerability management is a program with tools and processes. Many security vendors are selling their service today, with 7x24 supports. For enterprise environment, the single scanner software is dead now.
*The scene version is a 60 days trial one, no password provided for online updating.
Screenshots in my tryout, click for large view: