Lumension Scan is a part of the larger Lumension Vulnerability Management platform. While this tool is only a part of the larger platform, it does have some good capability built in. This product can be used to scan the enterprise network and identify assets and seek out vulnerabilities and weaknesses on devices before they can be exploited by an attack. The powerful scanning engine uses information from databases - such as Common Vulnerabilities and Exposures (CVE), Bugtraq, SANS, MS Advisory and National Vulnerability Database - to provide a comprehensive picture of vulnerabilities. Once the audit is complete, the tool provides a multitude of reporting options that provide a great amount of detail on the security posture of the environment.
Installation is straightforward and can be done on almost any Microsoft Windows machine running XP, all the way up to Server 2008. The installation itself is done by simply launching an executable file, which brings up a short installation wizard. At the completion of the wizard, the application can be launched and scanning can begin. The first thing we noticed when we brought up the application is that the interface is simple in design and easy to navigate. Configuring and starting a scan takes just a few clicks of the mouse and the scan is running within minutes of the initial setup.
We find this application to be a good news/bad news type of tool. The good news is that this scanner provides a large amount of scanning capability. This product can scan, as well as assess, several platforms, including switches, routers, Microsoft Windows, Mac OS and Linux. Scans can be configured to use credentials, and the tool even has some nice automation options available. The bad news is that it is primarily just the first step in vulnerability management. That is, it lacks options such as remediation. Other components from the suite must be purchased separately. With that said, we did find it to be a very solid scanner, which provides useful information in its scanning results.
Documentation is average at best, primarily consisting of a single user guide PDF, which includes all information - from setup through configuration and management. We find this to be quite comprehensive and easy to follow, but it lacks clear instructions in various areas and there are no screen shots or diagrams anywhere in the guide.
Lumension includes standard support as part of the subscription cost of the product. This includes eight-hours-a-day/five-days-a-week phone-based technical support, one-business-day response to email, and full access to an online knowledge base and user forum, as well as free updates and upgrades. Premium assistance is available at an added per-node cost to the subscription fee. This includes 24/5 phone technical support with four-hour response on weekends and unlimited, four-hour email response, among other advanced help features.
At a price of $6.50 per node per year for 1,000-2,499 nodes, this product is quite expensive for what it does. However, it does include some strong features and includes a solid scanning engine that provides comprehensive vulnerability scanning to a large number of devices and systems. We find this product to be an average value for the money.