SAINT Security Suite 9.5 combines active vulnerability scanning, content scanning, web application scanning, mobile assessments, network device firmware assessments, configuration auditing, penetration testing, social-engineering and reporting into a single, fully integrated solution. It can scale from small to large deployments and supports a variety of integrations. It can be deployed through a software download, virtual appliance, pre-configured hardware appliance, AWS, AMI or as a cloud-service.
Over the past year, SAINT has added a multitude of features to its Security Suite, including SIEM integrations, broader support for CIS benchmarks, agent-based capabilities and third-party ticketing integration. This ticketing system supports workflow automation, allowing security teams to set different rules based on which actions they want taken and when.
SAINT provides agentless scanning by deploying vulnerability probes to target assets contained in pre-defined or customized policies through credentialed or non-credentialed scans. The solution also offers a local agent option.
A clean, customizable dashboard showcases easy-to-filter functionality to quickly sift through plain severity and get to the threats most important to an organization and its business. SAINT uses data from an analytics perspective, leveraging asset management capabilities to give data business context to prioritize vulnerabilities. A helpful tutorial explains a vulnerability, offering information on remediation options to foster understanding of an organization’s assets and how to fix them after scanning.
An historic trend line provides a deeper understanding of how security operations are faring. Severity can be customized into sets based on business context and needs so that focus is trained where it matters. Sets can also be structured around different standards and frameworks to create classifications more specific to compliance. Drilling down into the data yields specific details about vulnerabilities, aiming to reduce the overwhelming aspect of vulnerability management and driving a security team’s efficiency.
The tool provides analysis capabilities to investigate and prioritize remediation activities, alignment of vulnerabilities with CVE, severity categories, CVSS score, custom severity coding, known exploits and remediation tutorial content. A “what if” analysis functionality allows you to flag vulnerabilities as exclusions and will show or hide corresponding records.
SAINT showcases rich reporting capabilities through pre-defined report templates and more than 160 customizable features to tailor reporting. The solution supports scanning solutions for a variety of compliance frameworks and standards like PCI, FISMA, HIOAA, NERC CIP and SOX. SAINT, a PCI Approved Scanning Vendor, provides internal and external assessments through a browser-based GUI and a REST API or Command Line Interface for third-party integration.
Starting price is $2,000 for an annual subscription for small business and consultants and $5,000 for a mid-level enterprise. Support includes phone and email Monday through Friday 8:30 a.m. to 6 p.m. at no additional cost.
Tested by Tom Weil