$495 for up to 32 addresses
This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Documentation for NSS comes as a downloadable PDF file. It has several errors that seem to stem from an incomplete conversion from a Microsoft Word document. But it is well-illustrated with screen shots and the installation section is adequate. Support is via the website.However, once the product is installed, it is not intuitive to use. Engineers who are familiar with a wide range of scanners will see much that is familiar, but others will find themselves referring to the manual constantly, a problem because the manual is not always as clear as it should be.
We found the options available on the interface confusing at times and the available scan options were not always clearly explained.
In terms of performance, NSS turned in the fewest identified vulnerabilities of all the products we reviewed by a considerable amount.
The product has many useful features and a scripting language based on Microsoft VisualBasic. The feature set is its strongest point, and scans and patch deployments can be scheduled and the scanner run from the command line. The manual is very brief and was little help to us as we struggled with learning the product.
The scanner can store results in a Microsoft SQLServer (good for large systems) or in an Access database. This choice is configured at install time. Reports are defined using scan filters. Scans can be defined using scan profiles.
This is a capable scanner, but to use it effectively requires spending a fair bit of time playing with it in order to understand its quirks and capabilities.