WebTrends Security Analyzer is a promising new player in the systems and network security scanning field, not only giving network managers prebuilt tests to nail security problems but also letting them construct their own audits.
The only significant weakness in WebTrends Corp.’s software is that it doesn’t wield nearly as much power over NetWare and Unix servers as it does over Windows NT and Windows 9x machines, thus limiting it to Windows-centric shops. In PC Week Labs’ tests, for example, WebTrends Security Analyzer identified only seven minor problems on a Solaris server with known security risks. In contrast, Internet Security Systems Inc.’s Internet Scanner 5.6, a capable competitor in the security scanner arena, works well with a variety of Unix and NetWare servers in addition to NT systems.
Except for its operating system limitations, WebTrends Security Analyzer 2.0 (the first release of the product, despite its version number) is a great choice for “agentless” detection of vulnerabilities on Windows NT servers and networks. Its biggest strength is that it comes with an SDK (software development kit) that network managers can use to create their own audits, and the software also can easily download new audits from WebTrends’ Web site.
Network managers with no security system in place should evaluate WebTrends Security Analyzer. At $4,999 for the enterprise edition, which shipped in late January and includes an unlimited number of IP addresses across an unlimited number of subnets, it competes favorably with ISS’ Internet Scanner, which costs $4,995 for a 254-node license.
Even managers already using an intrusion detection system should consider WebTrends’ security scanner. During tests, we quickly identified more than 15 serious security exposures on a 60-system NT test network, some that we expected to find, and more than a couple that we didn’t.
WebTrends’ preconfigured tests, which it calls “policies,” proved more than adequate. For example, WebTrends Security Analyzer found 87 potential security problems on the 60-machine testbed, ranging from blank passwords (a bad Labs habit!) to Distributed Component Object Model configurations that opened us up to attack. ISS’ Internet Scanner found 124 security exposures, mostly minor variations of those identified by the WebTrends product.
WebTrends’ audit gave us an extensive report on the problems it found, ranking them by severity. The report also provided either a clear, step-by-step procedure for fixing a problem or an explanation of the weakness; the latter often includes a URL for a site where a remedy can be found.
The SDK in WebTrends Security Analyzer puts it ahead of rivals such as Internet Scanner and Netect Inc.’s HackerShield 1.0 for network managers who want to tailor audits to match their sites. All other products we’ve tested rely on the vendor to come out with new tests to audit servers and networks for weaknesses.
The arrival of WebTrends Security Analyzer also means that HackerShield is no longer the only security analysis product to supply additional tests over the Web. The AutoSync facility in WebTrends’ scanner let us easily update the program as soon as it was installed. A year’s subscription to WebTrends’ test update service is $999.
WebTrends Security Analyzer’s intuitive interface is an easy entry into the product. It was simple to set up security audits that ran a variety of policies against specific IP addresses. It was equally easy to schedule audits to run outside work hours, something we did because each scan could take as long as 5 minutes per machine to complete, the same as other products we’ve tested. We could also tune each policy to perform either a complete or a light-duty security scan, port analysis or ping test.
WebTrends Security Analyzer, like other security scanners, does all its processing on one server without using agents on the target machines. This nearly eliminates the performance impact on any machine being scanned.
Executive Summary: WebTrends Security Analyzer 2.0
WebTrends’ security scanner is a good place to start for managers looking to secure their networks. The competitively priced WebTrends Security Analyzer also nicely complements intrusion detection systems already in place by revealing obvious security holes, as long as the machines it is scanning are Windows systems.
Pros: SDK lets managers build security audits tailored to their sites’ needs; allows simple, automatic download of new tests from WebTrends’ Web site.
Cons: Little facility for finding vulnerabilities on Unix and NetWare servers.