Vulnerability Manager 5.0

Category:
Vulnerability Scanners
Website: http://www.netiq.com/products/vsm/default.asp
Manufacturer: NetIQ
Operating System: Windows

Description:
NetIQ is a scanner that relies upon agents distributed on all target clients. It can scan for missing patches, as well as a host of common vulnerabilities. It relies on a vulnerability database to look for signatures on the client machine that match various problems. The database is updated regularly and automatically. NetIQ includes a report generator that rolls up all the data discovered during the scan.

Strengths:
   · Vulnerability descriptions are very complete and come from TruSecure
   · Agent-based scanning doesn't rely on DCOM
   · Comparison reports tell you what has changed since the last scan
   · Thousands of security, patch, and compliance checks built in, plus the ability to create new templates
   · Risk scoring on each issue on each machine
   · It's possible to group computers based on risk tolerance and scan/report differently in each group
   · Scanning can be easily scheduled

Weaknesses:
   · Not as easy to discover machines in your network as Retina
   · Admin credentials required for every scanned system
   · Agent-based scanning requires a software install on each client
   · No intrusive testing option; all scanning is based on the signature database
   · Detailed vulnerability descriptions are easy to see at update time but harder to find otherwise
   · Descriptions don't exist for security checks or for best practices

Target:
Any server

Mitigation/Recommendation:
Strong passwords, a good firewall, and a patched server. Make sure nothing can be installed on the remote machine.

Price:
$3,000 for 50 IP address scans

Penetration (2):
It is very unlikely that a hacker would use this tool to attack a system, since it requires installing the client on the target machine.

Simplicity (7):
Easy to learn

Damage Potential (0):
Requires an installation on the attacking machine