DragonSoft Vulnerability Management Tool - Essay Example

?Introduction Information is lifeblood for any organization. As information is digitized, it is stored on information systems and travels to the inbound and outbound network. The storage and transmission of data is essential for business automation and business functions. However, there are many challenges that organizations have to overcome for securing the information on the network as well as in the servers. Certified skilled professionals, certified vulnerability assessment tools, incident response management teams and other relevant staff plays a significant role for protecting and detecting potential threats and vulnerabilities that may or have compromise the network to gain access to business critical information of the organization. There is a requirement of a powerful vulnerability assessment and management tool that will facilitate the network security team in crises situations. Moreover, there is one more challenge for the network administrators i.e. they are not able to find traces for the threat that has already penetrated into a distributed network environment. Likewise, distributed network is a merger of two or more networks and may be operational on a broad spectrum. Moreover, the existing network security controls are not capable to detect the worm, as the distributed network is connected to one or more networks; it is difficult to analyze specific anomalies and patterns of unknown activity on the distributed network. Furthermore, the combination of infinite data packets can construct a major impact on the network because they all have the same frequency and are associated with the same domain that is similar to the current scenario. For addressing this issue, powerful vulnerability detection and assessment tools are required for detecting threats on a distributed network. Tools supporting pattern detection for distributed network environment provides a network wide correlation analysis associated with instant parameters along with anomalous space extraction, instant amplitude and instant frequency. We will discuss tools that are available for vulnerability assessment and can be utilized by the network administrator for enabling instant amplitude and instant frequency so that transmission of data packets on the network can detect unknown activities or patterns on the network. Moreover, these tools will also facilitate to categorize data packets in to time and frequency domains distinctly. Furthermore, network administrators can also implement a methodology, subset of the current methodology, which is called as anomalous space extraction based on predictions of network traffic or transmission of data packets. Successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense. Security has become an encircling issue for designers and developers of the digital world. A system should also be able to counter incidents and raise proper procedures in case an information security incident occurs. Information security incident handling takes a stride forward in the information security management procedure. The aim is to provide a reference for the management, administration and other technical operational staff. If considering the enterprise government, focus on executing management actions is required to support the strategic goals of the organization. It has been calculated approximately half of the breaches to the security of the information systems are made by the internal staff or employee of the organization. Security incident management facilitates the development of security incident handling and planning including preparation for detection and reply to information security issues. The standard of the incident management primarily relates to ensure the existence of processes rather than the contents of these procedures. The security incident of different computing systems will have dissimilar effects and escort to different consequences, bureau, departments the organization need to tailor the security incident handling plan according to specific operational requirements. In order to do so, the security staff must equip with tools for vulnerability detection and assessment. We will discuss and compare various features of two tools i.e. Dragonsoft Vulnerability Management and GFI LANguard. However, the criteria for comparing these two tools will be the ability to detect vulnerabilities, report and facilitate to mitigate threats and risks. Functionality and Features DragonSoft Vulnerability Management tool is preferable for small medium enterprises to corporate enterprises. The primary tasks is scan the network for detecting vulnerabilities, evaluation of the detected vulnerabilities in order to provide the basis for performing risk assessment. Moreover, the tool also generates reports and performs centralized risk assessment along with risk mitigation options. Likewise, DragonSoft Vulnerability Management tool monitors and assess potential vulnerability details prior scanning assets defined on the network. Other features of DragonSoft Vulnerability Management tool incorporates security scanning with security audit that includes vulnerability audit, password audits and test incorporating Denial of Service (DoS) with the vulnerability database consisting of 4500 vulnerability definitions (DragonSoft Vulnerability Management. 2011). Moreover, the centralized risk assessment for vulnerabilities provides centralized administration and management for internal as well as external host remediation. The tool also support compliance and audit functions for International Organization for Standardization (ISO) 27001, HIPAA, government or federal regulations and Payment Card Industry Digital Security Standard (PCI-DSS). Furthermore, the graphical representation embedded in the tool identifies areas for deploying missing or updated security patches on the network (DragonSoft Vulnerability Management. 2011). The installation process for this tool is simple and can be accomplished by following a installation wizard. Likewise, after installation, different scanning options can be configured and can be executed within the tool (DragonSoft Vulnerability Management. 2011). Moreover, the navigation and ease of use for this tool is easy, as built in scan templates makes the scanning task easier for the network security staff. Likewise, these built-in templates can also be called as different policy templates. However, policies can be edited for meeting the requirements of the organization and can also be created from the start. As these templates provides the basis for the tool to be flexible. Apart from these policy templates that are utilized for scanning purpose, there are embedded wizards that can be executed for configuration audits (DragonSoft Vulnerability Management. 2011). However, during the navigation between dialogue boxes, modules are relatively slow and occasionally become halted. The documentation that comes with this tool includes a user guide that comprehensively demonstrates the lifecycle of the product starting from the installation procedure to the configuration, administration, management and maintenance. Overall, the documentation is well structures and most importantly understandable. A three months free demo trial is available on the website. However, after the purchase, a three months installation support on the telephone only is bundled with the product. Likewise, if a 12 months agreement is signed, full support is available that includes phone and email support. The initial cost that is required for this tool is around $7000. GFI LANguard is a network vulnerability scanning and patch management tool. Likewise, the tool facilitates patch management functions, vulnerability management, application and network audit, simplifying asset inventory, change management, and analysis for risk and compliance. Moreover, the tool also scans all the assets on the network, identify them, categorize them as per security weaknesses based on their impact level and then suggest a remediation plan or action (GF LANguard. 2011). Throughout the GFI LANguard security review, greater than 15 thousand weaknesses per IP address were identified for the operating systems, virtual environments and installed software. GFI LANguard is a multi-platform supported tool that can scan Windows, Linux and Mac based machines. Moreover, the tool incorporates its own database for accessing vulnerabilities, as the database includes more than 2000 CVE and SANS top 20 identified vulnerabilities. The database can be regularly updated by retrieving information from Microsoft security updates, SANS, GFI resources and other information repositories. Moreover, GFI LANguard also provides a graphical indicator that shows levels of each associated threats in order to demonstrate a weighted assessment of the current vulnerability status of the computer. The GFI LANguard tool also provides the user to establish customized a specific vulnerability scan via a simple wizard. However, complex vulnerability assessment scans can also be established via a wizard based Visual Basic Scripted engine. Moreover, the wizard also empower users to configure different types of scans targeting various types if information. For instance, scanning public file sharing on the network, password policy and security audit scanning, detecting any missing security updates or patches on workstation connected to the network. Moreover, the tool can also be utilized to review the hardened servers for any open ports by scanning closed and opened ports, unnecessary ports for detecting port hijacking, disabling or identifying unnecessary local and group accounts, detecting adware, spyware or black listed software applications still running in hidden files. Furthermore, the powerful tool also scans the connected Universal Serial Bus devices that are connected to workstations at the time of scanning. The scanned results can be demonstrated by export options for Microsoft Excel. GFI LANguard website provides a free version of the tool that is only limited to scan five IP addresses within the network; however, all the features and functions are activated. Evaluation Criteria Evaluation Criteria DragonSoft Assessment GFILANguard Assessment Installation Installation procedure is very easy, as the three months trial package is available from the website Installation procedure is simple, as the trial package is available powered with full features with only limitation to five IP addresses. Scanning Scan the network for detecting vulnerabilities Evaluation of the detected vulnerabilities Basis for performing risk assessment Security scanning with security audit that includes vulnerability audit, password audits and test incorporating Denial of Service (DoS) with the vulnerability database consisting of 4500 vulnerability definitions Built in scan templates Embedded wizards that can be executed for configuration security audits Supports patch management functions, vulnerability management, application and network audit, simplifying asset inventory, change management, and analysis for risk and compliance Scans all the assets on the network, identify them, categorize them as per security weaknesses based on their impact level and then suggest a remediation plan Establish customized a specific vulnerability scan via a simple wizard Complex vulnerability assessment scans can also be established via a wizard based Visual Basic Scripted engine The tool can also be utilized to review the hardened servers for any open ports by scanning closed and opened ports, unnecessary ports for detecting port hijacking, disabling or identifying unnecessary local and group accounts, detecting adware, spyware or black listed software applications still running in hidden files Also scans the connected Universal Serial Bus devices that are connected to workstations at the time of scanning. Remediation Graphical representation embedded in the tool identifies areas for deploying missing or updated security patches on the network Suggest a remediation plan and course of actions Demonstrate a weighted assessment of the current vulnerability status of the computer Reporting and Agents The documentation is well structures and most importantly understandable Graphical representation of reports via pie charts and graphs Detection Engine Vulnerability Management tool incorporates security scanning with security audit that includes vulnerability audit, password audits and test incorporating Denial of Service (DoS) with the vulnerability database consisting of 4500 vulnerability definitions Multi-platform supported tool that can scan Windows, Linux and Mac based machines. Moreover, the tool incorporates its own database for accessing vulnerabilities, as the database includes more than 2000 CVE and SANS top 20 identified vulnerabilities Others The tool also support compliance and audit functions for International Organization for Standardization (ISO) 27001, HIPAA, government or federal regulations and Payment Card Industry Digital Security Standard (PCI-DSS) Conclusion After comparing features for both of the tools, GFILANguard is relatively more powerful in detecting vulnerabilities ranging from facilitating to the asset inventory, change management, security audit, port scanning, server hardening, risk assessment and USB scanning. Moreover, platform support is a huge advantage for an environment running servers on multiple platforms. Whereas, Dragonsoft vulnerability management tool can serve better in small medium enterprises, as it incorporates features that may align with medium to small computing environment. Bibliography DragonSoft Vulnerability Management. 2011. SC Magazine: For IT Security Professionals (15476693), 22(2), pp. 55-55. GF LANguard. 2011. SC Magazine: For IT Security Professionals (15476693), 22(2), pp. 56-56. Read More