NetIQ Vulnerability Manager turns in solid performance

Agent-based product supports proxy functionality.

Clear Choice Tests  By Mandy Andress, Network World, 06/12/06

NetIQ's Vulnerability Manager is an agent-based product. Data is collected in the central Microsoft SQL Server database and accessed by administrators through a console application. A Web-based interface is available for viewing reports.

We installed Vulnerability Manager and deployed Unix and Windows agents across our test network, a process handled easily via a console wizard. NetIQ also supports proxy functionality, where an agent on one server connects to other servers to collect data. The agent then reports to the central server, helping cut down on network traffic and open firewall ports required in the communications path.

Policies are defined by creating security checks and grouping them into compliance templates. NetIQ includes the standard regulatory (for example, HIPAA and Sarbanes-Oxley) and organizational (such as the National Institute of Standards and Technology) templates, but it's also possible to create policies from scratch, a straightforward process in general that could use a little more documentation to be completely smooth. Our tests showed that once a policy is defined, policy checks run directly against the system complete very quickly.

NetIQ stands out among its competitors in that after users run many compliance checks, they can look at the list of available reports and easily identify which report they want to view. The list includes detailed information about each report, such as name, description and date completed. To run delta reports, you choose two reports of the same type and select its "run delta" option.

About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW

Copyright, 1994-2008 Network World, Inc. All rights reserved.