Wednesday, December 3, 2008

McAfee Foundstone Enterprise Tryout

Foundstone is famous for its free security tools, such as fport, superscan and sqlscan. Long time ago the company started providing assessment service with their own assessment software, but even after it was acquired by McAfee, this software was not available on public.

Now McAfee are selling their appliance with vulnerability scanning and management software preinstalled, it’s impossible for a download and a try. Fortunately on Nov 28 the formerly Foundstone Enterprise software was released in 0day scene*, so I have a chance to try it.

After tryout of a whole day, I had to say that it’s really a true vulnerability management platform for large scale corporations. I’d suggest buying the appliance if we have budget.

From the installation I found it’s a product designed by security guys. The windows and database are required to have proper SP installed, new added assets admin password is forced to be strong, otherwise you cannot finish the configuration. Signatures updating is required to input username and password, which will help manage license and forbid pirate version usage. It’s a security product, why not?

Like other SaaS vendors such as IBM and Qualys, Foundstone has a web portal too, which provide assets management, vulnerability scanning, reporting and remediation. Here I list some functions that I think they are highlights of foundstone.

  • Assets are grouped by BU, echo group is assigned with an admin. Scans can be implemented by business function, asset value, owner or location. Security team could focus on the most valued assets easily.

  • Lots of scan templates, includes ISO17799, NIST SP800-68, SOX, PCI and wireless, etc.

  • Immediately verify that whether the vulnerability has been fixed or not, by examining the system in ticket management with a single click. This makes fix tracking damn efficiently! No need to launch new scan, or verify with other tools.

  • Vulnerability management is a program with tools and processes. Many security vendors are selling their service today, with 7x24 supports. For enterprise environment, the single scanner software is dead now.


    *The scene version is a 60 days trial one, no password provided for online updating.



    Screenshots in my tryout, click for large view:







    1 comment: