Secunia Corporate Software Inspector (CSI)
Strengths: Application vulnerability scanning with an always updated backend.
Weaknesses: Would like to see integrated compliance-based scanning.
Verdict: Good value and performance in a reasonably priced package.
SummaryThe Corporate Software Inspector (CSI) from Secunia takes an interesting approach to vulnerability assessment. This product focuses primarily on application-based vulnerabilities, rather than just open ports or other security holes. The CSI can assess the security state of all installed programs running throughout the enterprise and suggest possible remediation steps to fix any potential security risks or outdated applications. Furthermore, this solution can assess applications running on Microsoft Windows machines, as well as Mac OS X platforms.
Installation is simple and quick, launched from a small executable, which initiates a short setup wizard. At the completion of the wizard, the application can be run and the main management console opens. The management console has an organized layout. The first time it is run, it shows a few brief configuration steps to get started. We also find it quite easy to navigate around the interface, as well as configure scans. The navigation structure of the interface is also quite well organized with intuitive sections for easy configuration and browsing. One of the nicest features of the console is a fully customizable dashboard, which starts out as a blank canvas onto which multiple modules can be dropped right in. There are many modules to choose from and all provide a clean overview of previous scan information and historical data at a glance.
The main driving force of this product is the database backend that is hosted by Secunia and interfaces directly with the application. The Secunia Advisory and Vulnerability Database includes complete and constantly updated information that is always available on demand to the front-end installed application, so there is less time spent updating the product and more time spent scanning and analyzing results. CSI also can be integrated with an onsite Windows Update Server to easily, and with little administrator interaction, deploy Microsoft Windows-based updates to assets.
Documentation includes a single user manual that covers the product from installation all the way through advance configuration and use of features and functions. We find this to be well organized and to include an excellent amount of information without being overly lengthy or hard to follow. The guide is also enhanced with many clear, step-by-step instructions, configuration examples and screen shots.
Secunia provides no-cost phone- and email-based technical support to enterprise customers during their subscription period. Customers also can opt for additional assistance as part of an agreement. Additional levels include faster response times and onsite installation and training. Also available to all customers is access to an online portal, which includes a user forum and knowledge base.
At a price starting at $2,840 per year for the small business version of the product, we find this to be a good value for the money. Secunia Corporate Software Inspector provides full application vulnerability scanning that is always updated and ready to go to ensure solid security among all applications throughout the enterprise environment.