Critical Watch FusionVM
February 01, 2013
FusionVM SaaS starts at $416 per month for 100 IPs, including upgrades; FusionVM Enterprise (physical or virtual appliance) starts at $39,995 for 1,000 IPs.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Internal and external scanning ability.
- Weaknesses: Web-based support is quite minimal; no knowledge base.
- Verdict: Good functionality, but could use stronger support.
FusionVM from Critical Watch offers both vulnerability management and configuration policy auditing in either a physical or virtual appliance or as a full, cloud-based SaaS option. If the SaaS option is chosen, customers can receive external scanning without any additional hardware or software needed. If scanning internally, the customer must install an appliance that connects to the cloud service for scanning. This product offers many vulnerability and risk assessment options, including web applications, databases, third-party applications and workstations, among many others. This tool also includes a full compliance module that scans and reports on many compliance standards, such as Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), ISO1779 and PCI.
For our evaluation, we ran the product in the SaaS model with a physical scanner installed in our lab. The setup of the appliance was quite simple and only took a few minutes. We first plugged in the appliance and connected a monitor and keyboard. After the appliance was booted, we were able to login and configure the network and IP settings. Once those were completed, the scanning appliance was up and running with a connection directly to the Critical Watch cloud VPN. To launch a scan, we simply had to log into the Critical Watch web portal and set up a scanning job. We found the web portal to be quite easy and intuitive to navigate with a nicely organized layout. Scanning jobs can be set up to run on-demand or be scheduled to run at specific times.
Overall, we found the Critical Watch FusionVM to be quite flexible and to have many features. Built in to the web portal is a remediation manager section, which allows for administrators to assign and track remediation tasks after a scan has completed. Also available are several charts, graphs and reports for viewing scan results based on hosts scanned, risk data and open services, among others.
Documentation included a full PDF user guide that covered how to deploy and use the product. We found this guide to be well-organized and to include many screen shots and detailed explanations of product features and functions. Also included were many examples that helped illustrate more complex scanning and reporting procedures.
Critical Watch offers full 24/7 phone- and email-based technical support to customers as part of the SaaS subscription fee. For customers with the on-premise version of the product, assistance can be purchased as part of a contract at about 10 percent of the product price. Customers also have access to an online FAQ, but that is about it for online-based support. At the current time, Critical Watch does not provide a web-based knowledge base.
At a price starting at $416 per month for 100 IPs for the SaaS service, or around $40,000 for 1,000 IPs for the on-premise scanner, we find this product to be a good value for the money. We found the hybrid SaaS/appliance architecture to offer flexibility for deployment while providing a good amount of features and functionality.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes