Strengths: Granular control over assets through administrative domains.
Weaknesses: Can be expensive for some environments.
Verdict: A solid choice with a lot of miles behind it, and a good record of growth over the years.
SummaryThe FortiScan-3000C from Fortinet provides full agent-based and agent-less vulnerability scanning, as well as patch management capabilities and remediation. With this appliance, administrators can easily manage assets throughout the network and perform full compliance-based auditing and reporting to ensure compliance and security policies are met on an ongoing basis. This tool is available both as physical hardware or as a virtual appliance that can be deployed on VMware ESX or vSphere, as well as on a Citrix Xen system.
We find this product to be easy to deploy and configure. The initial deployment took just a few minutes and we were setting up asset groups almost instantly. A feature we find quite useful is the way the FortiScan organizes administration of assets. An administrator can set up multiple administrative domains (ADOMs), and the administrator responsible can access the domain and manage assets. This provides granular control, as well as ensures that sensitive assets are only managed by an administrator that understands the necessary patch and security level of those assets.
From a compliance and reporting standpoint, this tool has a lot built in and ready to go right out of the box. The FortiScan is capable of doing an agent-less network scan, which yields information throughout the enterprise, such as asset discovery and inventory management, as well as security, vulnerability and compliance posture. For more in-depth scan detail, agents can be deployed onto assets, and this will yield full patch management and remediation capabilities, as well as compliance scanning, with templates included for NIST's Security Content Automation Protocol (SCAP) and Federal Desktop Core Configuration (FDCC), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GBLA), Health Insurance Portability and Accountability Act (HIPAA), ISO 17799 and FISMA.
Documentation includes user and installation guides and a full help file. The installation guide provides a great amount of detail on installation and configuration of the appliance, as well as some initial setup steps to get started with the scanner. The user guide takes over from there and provides detailed instructions on how to use the product and navigate around the web-based management GUI. We find all documentation to be well-organized and to include many clear step-by-step instructions.
While Fortinet only provides no-cost support to proof-of-concept customers, it does offer two options as part of an annual contract. Customers can purchase support through the FortiCare program as part of an eight-hours-a-day/five-days-a-week or 24/7 package. These include both phone and email technical assistance, as well as access to an online portal loaded with product downloads and other resources.
At a price just shy of $40,000 for the appliance-based option, this product does come with a hefty price tag. However, we find it to be a good value for the money as it contains some excellent features, is easy to use, and can scan, report and remediate many platforms, along with a multitude of compliance management and reporting options.