February 01, 2013
tarts at $8,745 for 1,000 unique targets (annual subscription).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: The level of configurable policies and the maturity of the SAINT technology.
- Weaknesses: Some of the documentation can be a challenge to navigate.
- Verdict: This is a great product designed for performance.
From the same graphical user interface, SAINT provides an integrated solution for vulnerability scanning, configuration compliance testing, penetration testing, canned reporting and custom report creation. SAINTmanager provides centralized management of multiple SAINTscanner instances (also referred to as "nodes"). As expected in a vulnerability management system, the product also includes a ticketing system for problem resolution, centralized scheduling of scans, policy management, scanner updates and policy customization. While the company provided a hardware appliance for this evaluation, the system also can run as a standalone product on a Mac- or Linux-based desktop/notebook; a Windows desktop, using a virtual machine (VM); or as a shared resource on a Linux-based server or VM.
The initial system setup was fairly simple. After connecting the appliance to the network, it was powered up. A simple set of configuration questions designed to set up the network was presented. The next step was to connect to the system by opening a browser on a laptop and connecting to the IP address of the box. Initially, we had a little difficulty getting the proper key to sync the scanner with the management product. However, the SAINT support services were prompt and knowledgeable in helping to remedy the key issue in a short amount of time. All management and use of the system took place from the remote browser. SAINT employs a very simple graphic dashboard. The active settings are contained in a dropdown tool, titled "Quick Nav." There are 12 top-level options - under the headings Scanning, Management, and Data - used to manage almost all features. Under these is an array of features and configuration settings allowing the user to highly customize the system to suit personal preferences. During this stage, there was a bit of a learning curve as the terminology was different than other similar products. It took a while to figure out that the "node" (represented by the scanner MAC address) had to be selected before scanning could be enabled. Once this was done, all of the pieces required to get the system operational fell into place. The "Help" feature was useful, but it took some digging to find all the pieces needed. Once the solution was running it performed very well. Automated reporting was excellent. The policy settings were easy to navigate and customize, and include a great set of compliance policy options.
SAINT offers both free and fee-based support. The 8:30 a.m. to 6 p.m. phone and email support is included at no extra cost to all customers. The fee-based support service is an additional cost at 10 percent of the original product price. Other services are available on the company's website, including a searchable knowledge base, as well as a collection of searchable documents. There is also a FAQ reference tool. Additionally, SAINT provides an excellent on-demand video collection and certification training.
Overall, the value for the cost of the product - including the support services - is very good.
Sign up to our newsletters
SC Magazine Articles
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Report: $19M breach settlement between MasterCard, Target terminated
- Logjam attack exposes data passed over TLS connections
- Google releases Chrome 43, addresses 37 bugs
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Senate fails to pass USA Freedom Act; McConnell moves for revote of Patriot Act extension
- Android ransomware distributed to English speakers in spam campaign
- Site operator sentenced to 13 months for facilitating prostitution
- ISA presses for data to shape cyber security policy, encourages use of NIST framework
- Former Jacobi Medical Center employee improperly emails patient data