Cenzic Hailstorm Enterprise ARC 5.5 is a centrally managed web application assessment product. The product is offered as Hailstorm Enterprise ARC (Application Risk Controller), which consists of a web-based dashboard, as well as a separate standalone desktop application component for customizing projects, scan settings and policies.
The product installed easily on our test server. The solution installs on Windows 2000/XP/2003 and requires at least IIS 5.0 for its web server. It also installs a copy of MySQL for its backend database. Although
Cenzic recommends that main components be installed separately from each on respective hosts, they can all be installed on the same machine, albeit with some small challenges.
The web interface is well designed and easy to navigate. Overall, the product’s enterprise-class features are apparent and administrators can control user access through roles and customized central management. Performance-wise, the product performed adequately in our scanning tests and discovered all of the vulnerabilities that we expected it to.
From an administration perspective, the solution really shines. Policy and configuration edits are typically done by power-users, while scanning tasks can be performed out of the box by developers or quality assurance personnel through role-based access control.
The web-based documentation is thorough and well organized. The use of screen shots is well placed and evenly distributed.
Support for the Hailstorm is adequate. Cenzic provides a 12/5 support offering that is included with the base subscription, or a 24/7 support option for 10 percent of the subscription price. Cenzic’s website offers a support phone number, as well as a request form and a handful of technical white papers.
Pricing for Hailstorm Enterprise ARC is based on an annual subscription and starts at $26,000. Pricing includes the product, plus a support option.