McAfee Hercules Policy Auditor
Support for many operating systems and the ability to take input from vulnerability scanners.
The product is difficult to install and very complex to manage.
Verdict: For the largest enterprises, this product might be a fit. It requires a significant time investment from the administration staff to configure and administer the Hercules product.
The Hercules Policy Auditor and Remediation Manager are the products that were formerly known as the Citadel Hercules product. These products have one very unique feature: they can input the output from popular vulnerability scanners — pretty much any scanner that uses the CVE (common vulnerability exploit) numbering scheme — and use the product to remediate the vulnerability. The Hercules product supports a large number of operating systems, including several variants of Unix, Linux, Microsoft and Mac systems.
Installation of Hercules Policy Auditor and Remediation Manager is quite tricky. The Policy Auditor appears only to install on Windows 2003 Servers with no Active Directory components installed, but the product requires .net, Internet Information Server (IIS) and Microsoft SQL Server. Once the underlying OS is configured, the installation of the Hercules packages can begin. The Policy Auditor has four main components: the download server, the main Hercules server, the channel server and the reporting server. Each component requires some attention to detail, and it is necessary to refer back to the installation and user guides.
There are many PDFs available for this product and all the PDFs are indexed and searchable. Most of the PDFs are pretty lengthy, so having the index is quite handy. We found the installation and the quick-start guides to be the most valuable in this test.
McAfee offers many different levels of paid support for the Hercules product. Options vary from 8x5 phone support to 24/7 support.
The McAfee Hercules Policy Auditor and Remediation Manager is at the upper end of cost when compared with other products tested in this group, but the Hercules product is also quite feature rich and includes support for many different operating systems. It is quite clear that Hercules is aimed at large enterprises. Cost of ownership, of course, must be considered in context with additional cost of support. Taken together this is not an inexpensive product, but considering its target implementation, the value for the money is good.