We were surprised and excited to see that we would be reviewing SAINT's Security Suite, as this year we have seen other Vulnerability Management companies integrate pieces of SAINT into their product. For instance, we found one company uses the SAINT appliance and SAINT portal to conduct their scanning. Another company implemented SAINT to conduct vulnerability management while utilizing their own internal reporting tools. If you know SAINT's history, it shouldn't surprise you that other companies are integrating pieces of their platform, as SAINT has been around since the late 1990s.
SAINT provides agentless scanning by deploying vulnerability probes to target assets. These targets are defined in scan policies, and scans can be run either credentialed or uncredentialed. SAINT does note that agent-based scanning is planned for Q3 of 2018. Asset-based risk management is also supported through integration with LDAP servers, AWS instance IDs, and user-defined asset tags.
SAINT is known for its sophistication as it combines vulnerability testing and penetration testing. SAINT's proprietary exploit engine supports automated and manual penetration testing via pre-defined policies, vulnerability-specific exploits, or exploit tools to investigate specific areas of risk. This toolbox also includes several social engineering tools such as phishing, click loggers, password grabbers, and keystroke loggers to assess the human side of risk.
SAINT offers support for several industry compliance areas for which there is a steadily rising need. SAINT is NIST-validated under the SCAP v1.2 standard and the Cyberscope report format, which supports patch, vulnerability, inventory and configuration benchmark auditing. SAINT also informs us that support for CIS benchmarks is targeted for Q4 2018. SAINT provides scanning solutions for PCI, FISMA, HIPAA, NERC CIP and SOX. Scanning solutions also cover PCI internal and external assessments, and SAINT is a PCI Approved Scanning Vendor (ASV). All of this is accessible through a browser-based GUI, as well as via a REST API or command line interface (CLI) for third-party integration.
Last year the review team tested the SAINTBox hardware appliance; this year we tested the SAINT Security Suite software as a virtual appliance. Keep in mind: SAINT is still a Unix/Linux tool, and because of this its resource consumption is very low. Most other vulnerability management products we have come across run on a Windows operating system and are usually extremely resource intensive.
We had no complaints setting SAINT up; it was a smooth process with no difficulties. After adding the license key we received, we set SAINT to run as a background process and then accessed the Security Suite from a separate Windows machine via the web browser. As soon as we logged in, we were presented with a message letting us know that no scan jobs had been created and asking whether we would like to create one. You honestly can't make this initial process any easier. SAINT offers robust customizability when setting up a scan, which we used to set up a full vulnerability scan. The vulnerability scan completed rather quickly and without surprises.
SAINT enables threat mitigation through integration with Cisco ISE to quarantine any assets deemed high-risk during scan analysis. SAINT also provides integration with IBM's QRadar SIEM, EventTracker SIEM, RSAM GRC and Cisco FireSIGHT to facilitate data correlation and risk analysis. SAINT Security Suite is very comprehensive even in its reporting capabilities, offering pre-defined report templates and over 160 report customization features. You can also export a report to HTML, PDF, CSV, and XML.
We read through SAINT's documentation and referred to it a few times when utilizing some of the components. The documentation was thorough, with many useful screenshots. SAINT offers basic support at no cost for licensed customers, providing full customer support Monday through Friday from 8:30 am to 6:00 pm EST. Basic support includes access to phone support, ticket inquiries, and web-based online help with video content. SAINT also provides 24x7 access to the support portal, the mySAINT customer portal, the knowledge base and online documentation. Additional levels of support are offered for an additional fee at a negotiated price, based on specific customer requirements and defined Service Level Agreements (SLAs).
- Matt Hreben;
tested by Matt Hreben and Michael Diehl