Cenzic Hailstorm ARC
Strengths: Targeted in-depth web application assessment.
Weaknesses: Product should have its own web server, which adds to the overall cost of ownership.
Verdict: We liked this product, but it suffers from a lack of comprehensive documentation.
SummaryCenzic Hailstorm ARC is a web application vulnerability scanner. This product can scan websites and web applications in the enterprise to see how vulnerable they are to possible attack from hackers. This application can also go above and beyond standard scanning by providing complete risk analysis and compliance checks as well.
The installation of this tool was quite easy, and most of the installation is automated. After the .NET Framework and IIS are installed, this application pretty much installs itself. The installation is guided by a simple setup wizard and, after a few clicks, the product installed all the
Post-installation is the only slightly tricky part. The product is bound to the machine using a machine ID, so we had to copy and paste this into an email and send it off to wait for our license key. Administration is done from a web-based console. This console is easy to use and fairly intuitive to navigate with a tab-top navigation structure.
This product comes with many pre-defined scans and assessments ready to go. All we had to do was add the target, choose the policy and run the scan. Scans can be setup with a number of different options, including Active Directory login credentials and various compliance groups. This product can support compliance regulations.
Documentation provided with this tool included an installation guide and evaluation guide. The installation guide provides in-depth, step-by-step details of the whole installation process, including many screen shots and examples of the installation wizard. The evaluation guide provides a quick overview of adding targets and running a scan along with screen shots. We did not receive any other documentation for this product, such as an administrator or user guide.
The company offers basic 12/5 phone and email support with the purchase of an annual subscription. 24/7 support is also available at a cost of a 10 percent additional fee. There is also a support area on the website that offers a FAQ section and a customer support portal.
At a cost of $26,000, we find this product to be a good value for the money. It provides targeted web application assessment in a simple-to-use, fully integratable format.