Vulnerability management starts with tools that assess security in network gear and applications, but it's a road that forks, one way leading to host- or agent-based scanners and the other to network-based or agentless scanners.
An agent-based vulnerability scanner is deployed directly on the host system; the alternative, an agentless scanner, probes machines at targeted IP addresses. By year-end, agent-based options are expected to nudge out agentless tools in sales volume by about $100 million, IDC predicts, with total sales for both types of about $600 million. Although the market is rich in both varieties, experts say several factors influence the choices that network managers make in vulnerability assessment.
Both approaches have pros and cons. "The bad thing about agents is that they're expensive to install and maintain," says John Pescatore, an analyst at Gartner, in describing the considerations that come up with the decision about which route to take.
The bigger the network, the more the agent-based software that has to be installed. Costs typically range from about $25 to $40 per desktop to hundreds of dollars for servers, according to vendors with agent-based products. On the other hand, "the huge benefit of an agent-based [scanner] is that you can get deeper information about the computer node, such as looking into the registry," Pescatore says.
Vendors selling agent-based products include BigFix, Citadel, Computer Associates, Configuresoft, Elemental, IBM, LANDesk, NetIQ, PatchLink, Secure Elements and Symantec, according to the Burton Group in its "Vulnerability Management" research report.
"The value in an agent is in the scalability with networks of 70,000 and more," says Randy Streu, vice president of product management at Configuresoft, whose Enterprise Configuration Manager consists of software agents that can be added to Windows desktops and servers.
In large networks, the agentless approach stumbles on obstacles such as firewalls, which can block scanning attempts, and overly long scanning time frames. In addition, experts point out that mobile devices are not good candidates for agentless scans because they are often removed from the network and may elude detection.
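The coverage gaps described above (scans blocked by firewalls, laptops absent from the network at scan time) are easiest to spot by reconciling the two data sources against an asset register. The following is an added example, not code from the article or from any vendor it names; the asset register, agent check-in times and scan results are constructed sample data, and the seven-day staleness threshold is an assumed policy.

```python
from datetime import datetime, timedelta

# Constructed asset register: hostname -> device class. What we expect to see.
ASSETS = {
    "srv-web-01": "server",
    "srv-db-01": "server",
    "lt-sales-07": "laptop",
    "lt-sales-12": "laptop",
    "fw-edge-01": "firewall",   # network gear, no agent can be installed
}

# Constructed agent reports: hostname -> time of last check-in to the console.
AGENT_CHECKINS = {
    "srv-web-01": datetime(2006, 3, 1, 8, 0),
    "srv-db-01": datetime(2006, 3, 1, 8, 5),
    "lt-sales-07": datetime(2006, 2, 20, 17, 30),  # laptop off the network for days
    "lt-sales-12": datetime(2006, 3, 1, 7, 45),
}

# Constructed sweep result: hosts the agentless scanner actually reached.
# srv-db-01 sits behind a firewall segment that dropped the probes.
SCAN_REACHED = {"srv-web-01", "lt-sales-12", "fw-edge-01"}


def reconcile(assets, agent_checkins, scan_reached, now, max_age=timedelta(days=7)):
    """Classify every registered asset by which collection method has current data on it.

    An agent report older than max_age is treated as stale (assumed policy), since a
    laptop that last checked in weeks ago tells us nothing about its state today.
    """
    registered = set(assets)
    fresh_agents = {h for h, t in agent_checkins.items() if now - t <= max_age}
    stale_agents = set(agent_checkins) - fresh_agents
    reached = set(scan_reached)
    return {
        # Both methods agree: the easy case.
        "both": sorted(registered & fresh_agents & reached),
        # Agent reported but the scanner could not reach it (firewall, VPN, ACL).
        "agent_only": sorted((registered & fresh_agents) - reached),
        # Scanner reached it but no agent exists (typically network gear or unmanaged hosts).
        "scan_only": sorted((registered & reached) - set(agent_checkins)),
        # Agent installed but silent past the threshold: likely a mobile device off-network.
        "stale_agent": sorted(registered & stale_agents),
        # No current data from either source: the hosts a vulnerability report would miss.
        "unseen": sorted(registered - fresh_agents - reached),
    }


if __name__ == "__main__":
    report = reconcile(ASSETS, AGENT_CHECKINS, SCAN_REACHED, now=datetime(2006, 3, 1, 12, 0))
    for bucket, hosts in report.items():
        print(f"{bucket:12s} {', '.join(hosts) or '-'}")
```

The "unseen" bucket is the one that matters for a vulnerability report: those hosts will appear clean simply because nobody measured them. In practice the asset register would come from DHCP leases, a CMDB or Active Directory rather than a literal in the script, and the threshold should match how long a device is allowed to roam before it must reconnect.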
Cambia, eEye Digital Security, Internet Security Systems (ISS), Lockdown Networks, McAfee, nCircle, PredatorWatch, StillSecure and Visionael are the main contenders in agentless vulnerability management, analysts say. Some vendors, including eEye, sell both agent-based and agentless scanning products. Others, such as Qualys, specialize in services for agentless scanning.
The bigger picture, however, is that vulnerability-management vendors are in the midst of partnering in integration alliances that will let their vulnerability-assessment tools share data directly with patch-management tools for remediation or security-event management (SEM).
According to the Burton Group, ISS, Lockdown, McAfee, nCircle, PredatorWatch, Qualys and StillSecure have integrated with Citadel and PatchLink to automate software fixes.
The biggest push at Qualys during the past year was to integrate its product with SEM products from ArcSight, Network Intelligence and NetForensics that centralize security data, says Gerhard Eschelbach, CTO at the company.
"This integration happened on a large scale, so now it's automatic, not manual," Eschelbach says.
Agentless network scanners also can perform credentialed scans for some targeted host systems. Credentialed scans use the appropriate administrator user IDs and passwords so that the scanner's central console or proxy can log into Windows domains or Unix systems to examine the computer for vulnerabilities.
Although credentialed scans closely imitate agent-based scans, most observers consider them less comprehensive in discovering holes or providing a way to fix them.
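Whatever the collection method, the assessment step is the same: compare what was found on the host against a catalog of known-fixed versions. The added example below, which is not code from the article or from any product it mentions, shows that step and why collection depth matters. Both inventories and the advisory catalog are constructed sample data with placeholder advisory IDs; the version comparison is a deliberately simple dotted-numeric compare (an assumption, not how any particular scanner does it).

```python
import re

# Constructed advisory catalog: package, first version that carries the fix.
# IDs are placeholders, not real advisory numbers.
CATALOG = [
    {"id": "ADV-EXAMPLE-001", "package": "openssh",      "fixed_in": "4.2"},
    {"id": "ADV-EXAMPLE-002", "package": "apache-httpd", "fixed_in": "2.0.55"},
    {"id": "ADV-EXAMPLE-003", "package": "sudo",         "fixed_in": "1.6.9"},
    {"id": "ADV-EXAMPLE-004", "package": "glibc",        "fixed_in": "2.3.6"},
    {"id": "ADV-EXAMPLE-005", "package": "openssh",      "fixed_in": "3.9"},
]

# Constructed inventory as a credentialed login (or an agent) would gather it:
# every installed package, including ones that never listen on the network.
CREDENTIALED_INVENTORY = {
    "openssh": "4.1",
    "apache-httpd": "2.0.55",
    "sudo": "1.6.8",
    "glibc": "2.3.6",
}

# Constructed inventory as an unauthenticated network scan would gather it:
# only what service banners reveal. sudo and glibc are invisible from outside.
BANNER_INVENTORY = {
    "openssh": "4.1",
    "apache-httpd": "2.0.55",
}


def version_key(version: str) -> tuple:
    """Turn "1.2.10" into (1, 2, 10) so that tuple comparison orders versions correctly.

    Trailing zeros are dropped so "1.2" == "1.2.0". Any non-numeric fragment is
    ignored and a release suffix like "-3" becomes an extra component; real scanners
    use the distribution's own comparison rules instead of this simplification.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def assess(inventory: dict, catalog: list) -> list:
    """Return the advisories whose package is installed below its fixed version."""
    findings = []
    for advisory in catalog:
        installed = inventory.get(advisory["package"])
        if installed is None:
            continue  # package not seen: either absent or not visible to this collection method
        if version_key(installed) < version_key(advisory["fixed_in"]):
            findings.append({**advisory, "installed": installed})
    return findings


def finding_ids(inventory: dict, catalog: list = CATALOG) -> list:
    return [f["id"] for f in assess(inventory, catalog)]


if __name__ == "__main__":
    print("credentialed:", finding_ids(CREDENTIALED_INVENTORY))
    print("banner only: ", finding_ids(BANNER_INVENTORY))
```

Both inventories flag the out-of-date SSH daemon, but only the credentialed one surfaces the local privilege-escalation class of problem in sudo, because an unauthenticated probe has no way to observe a package that never answers on the wire. The same code path serves agent data, which is why the article's vendors can feed either kind of collector into one console.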
According to the Burton Group, Altiris' AuditExpress can identify vulnerabilities in Microsoft Windows or Unix systems via a credentialed network scan. AuditExpress also has an option for using agents, making it a possible choice for organizations that want to adopt both approaches.
BindView Development, which Symantec is in the process of acquiring for $207 million, offers the bv-Control product for both credentialed and non-credentialed scans of Windows, NetWare, Unix and OS/400 operating systems, Check Point firewalls, and applications such as Oracle databases.
and there is always a but... firebug doesn't work :( - Anonymous