NGS Software Typhon

August 15, 2007

NGS Software Typhon is more of a traditional network vulnerabilityassessment tool with some application intelligence built in. Theutility was able to locate FTP-based vulnerabilities on our testsystem, but had difficulties with web assessment. The utility did notdisplay the name of URLs found during the crawl or group thevulnerabilities by category. Typhon was fooled with the custom errorpages into believing pages existed that did not. This yielded a list ofnon-existent pages and directories without much detail as to actualvulnerabilities. The number of false positives reported by the utilitywas well over 100.

This utility would perform well as a traditional networkvulnerability assessment tool, but lacks the features necessary toperform a web-based application vulnerability assessment. A uniquefeature to this utility is the ability to check for other ports open(which also created additional false positive responses), as well as anincluded war dialer. The utility offers one level of report that iseasy to read and understand for the technician.

The installation of Typhon was very simple and required onlyclicking "next" a few times to install the utility. Once Typhon wasinstalled, the utility was logically laid out and included an almostunnecessary wizard to configure the scan. Typhon also uninstalledcleanly and easily leaving the systems in their original states.

Documentation for the utility comes primarily through the includedhelp files with the utility. The files are complete and can assist anadministrator with configuration troubles. The utility is simple enoughto use that help files and documentation should not be necessary formost administrators.

The primary method of support is through email, with messages said to be responded to the next business day.

The pricing for Typhon was in the middle of the range of productstested at $10,445 (unlimited IP), which included the email support. Theprice is a bit high for the included features, and it performs more asa network vulnerability assessment application. It is priced more forthat category.

Product title
NGS Software Typhon
Product info
Name: Typhon Description: Price: $10,445 (unlimited IP)
Strength
Clean interface which is easy to navigate and requires no additional knowledge to use.
Weakness
More of a network vulnerability assessment application than an application vulnerability assessment application.
Verdict
A large number of web false positives and only one type of report availabe make this a better network vulnerability assessment utility.
prestitial ad