ZOHO ManageEngine Security Manager Plus v5.5 (Build 5506)
February 01, 2013
Starts at $695.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Quick and easy to configure and use.
- Weaknesses: The ticketing/change management feature was fairly rudimentary.
- Verdict: For the price, this is a strong entry-level tool for small organizations.
Security Manager Plus (Professional Edition) is a network security scanner that proactively reports on network vulnerabilities and helps to remediate them and ensure compliance. With vulnerability scanning, open ports detection, patch management, Windows file/folder/registry change management and vulnerability reporting capabilities, the tool protects the network from security threats and malicious attacks. ManageEngine, an External Vulnerability Aggregator, draws vulnerability information from various security sources through email and RSS feeds. Patch information is vetted and correlated into a vulnerability database. This database is published to clients in an effort to keep the database at the client end current. All scanning, patching and reporting is done by the Security Manager Plus at the client end. Agents are deployed to address systems that are behind firewalls or where configuration settings on a remote machine do not allow direct interrogation and remediation. Product features include vulnerability scanning, open port detection, hardware and software inventory, Windows users and groups, scheduling and scan automation, patch management (includes specific Linux distributions), trouble-ticket mail generation, Windows change management, audit reports, PCI DSS compliance, CVE cross-reference, and the vulnerability database.
The tool is often installed on Windows Servers and does not require the installation of any other third-party software for Windows (installation on Linux requires Samba-TNG to be installed additionally). The product has been validated to run under a number of Windows systems, as well as Red Hat Linux, Debian, CentOS and open SUSE. For our evaluation, ZOHO provided a CD for installing the product and our implementation went smoothly. Configuration took just minutes to complete and a scan was initiated. The product found all 11 of our test systems. The tool has a clean graphic dashboard that we used to look up support documentation, including the community website. The admin tab provided a dashboard for managing settings and an array of other functions. Email reporting was configured and CVE vulnerability reports were produced. Payment card industry reports were generated through automated reporting. Too, the risk and correction functions were easy to use and provided some easy remediation recommendations. Finally, change management tickets were created and processed. Overall, the product performed well.
Documentation included web-based assistance, including installation and user instructions, FAQ, troubleshooting tips, a document library, tutorials, user forums and more.
Basic no-fee support provides 24/5 telephone and email assistance for the evaluation period. Fee-based options are covered in the product cost for the first year. During subsequent years, fees cost 20 percent of the license fee.
We found that as an entry-level vulnerability management system, the value provided by this tool is good for its cost.
Sign up to our newsletters
SC Magazine Articles
- Free security tools help detect Hacking Team malware
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- All smartwatches are vulnerable to attack, finds study
- Fake games in Google Play redirect Android users to porn sites
- Survey: Black Hat 2015 attendees most concerned about targeted attacks
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- Critical Android bugs can be exploited via MMS, 950M users affected
- Breach affects 3,000 clients enrolled in Georgia state program
- Top of the app charts - Shuabang: automated malware made in China
- Federal appeals court rules no expectation of privacy for preventable 'butt dials'