Saintscanner and Saintexploit
Strengths: Solid set of vulnerability management tools.
Weaknesses: None that we found.
Verdict: Lots of heavy experience packed into a single box.
Summary: Last year at about this time, we were introduced to Saintbox from Saint and found it a wonderful marriage of all the Saint products in one easy-to-use appliance. Well, this year Saintbox is back and it is still quite the product. The tool brings together all the various Saint modules, such as Saintscanner, Saintexploit and Saintwriter, all in one convenient package. Using these modules together provides full scanning and penetration testing capabilities to ensure systems are secure throughout the enterprise.
Some may remember Saint's early days when to install and use the product one had to have an available Linux box, install all the modules, and then go through a license process before finally starting to use the product. This whole process has been simplified using the Saintbox. The appliance itself comes preloaded with all the necessary software, so users no longer have to touch Linux to get it running. At the first power-up of the appliance, the user is taken through a short on-screen setup wizard that installs the initial network and appliance settings. From there, all further management and administration is done using an intuitive web-based interface. The one thing we really find appealing about the interface is that it has become more organized and easier to use with better integration across all the various components.
So what can you do with Saintbox? Well, the better question is, what can't you do? This product starts with an initial scan that can be run from various prebuilt templates or a custom template designed by the user. These scans can have various goals in mind, including vulnerability scanning, configuration compliance testing and penetration testing. At the completion of the scan, Saintwriter can be used to generate in-depth reports and analysis of the security posture throughout the environment. Also included are several compliance templates, and the scanner uses references from several databases.
Documentation consists of a quick-start guide and help file. The quick-start guide details how to connect the Saint appliance to the network, obtain the license key and start the first scan, all in clear, step-by-step instructions. The help file provides further information on how to use the product and configure functions with many nicely illustrated screenshots, step-by-step instructions and configuration examples. We find all documentation to be complete and well-organized.
Saint offers base-level phone and email support to customers as part of the product price. Phone technical help is available during business hours, Monday through Friday. Customers also have access to an online portal, which includes documentation, a vulnerability knowledge base and an FAQ section. Customers who require 24/7 assistance can purchase it at an extra cost.
At a price of $19,000 for a 1,000 IP scanning license, we find this product to be a very good value for the money. The Saintbox, loaded with Saint Enterprise, combines all the tools needed for solid vulnerability management - from simple scanning through compliance and penetration testing - ready to go right out of the box.