FOR: Integrates network auto-discovery with vulnerability scanning and makes it easy to use multiple scanning engines.

AGAINST: Doesn’t automatically filter out external vulnerabilities that would be blocked by firewall configurations.

VERDICT: STAT Analyzer provides a complete solution to the problem of keeping up with vulnerabilities and fixing them automatically.

STAT Analyzer is designed to automate and streamline the network security assessment process. It does this by integrating with multiple network modeling and scanning tools. This approach enables you to use multiple scanning engines and then compare results. Supported scanners include Harris’ own STAT Scanner, ISS Internet Scanner and Network Associates’ CyberCop Scanner. For network modeling, it works with the third-party products NMap and Ipswitch’s WhatsUp Gold, which perform network discovery.

The advantage of using STAT Analyzer is that it automates the security assessment using several mostly third-party tools through a single user interface, which means that only one network policy and one network model is used to drive all the tools. It then correlates the output from these various tools into an integrated and customizable reporting structure.

STAT Analyzer runs on Windows 2000, NT or XP. Minimum hardware requirements are a 400MHz Pentium II with 256Mb RAM and 650Mb hard disk space. Installation is straightforward using the installation wizard on the supplied CD-ROM. Once installed, another wizard guides you through your first analysis.

The first step is to run a network discovery tool, Ipswitch’s WhatsUp Gold, that is included with the STAT Analyzer software. WhatsUp Gold identifies the physical devices associated with a network and forms a model of the existing network. Then Network Mapper (NMap), a freeware tool that is also included on the STAT Analyzer CD, is launched to aid in identifying the operating system and open ports for each device on the network.

This completes the discovery and modeling phase of the security assessment process. Next comes determination of your security policy. This is carried out using the Security Policy Editor. STAT Analyzer includes a selection of four pre-defined security policies to get you started quickly. These offer varying levels of security, from the most basic through more stringent to full U.S. Department of Defense C2 (‘Orange Book’) security standards. However, it is easy to create your own policies simply by ticking checkboxes on a ‘tree’ of policy elements.

The vulnerability-scanning phase follows. Harris’ own STAT Scanner is included with the STAT Analyzer software, which also integrates with third-party scanners from Internet Security Systems and Network Associates’ CyberCop range. By running multiple vulnerability scanners, you can combine the best features of the best-of-breed scanners on the market. But multiple scanners mean lots of data to analyze and, of course, a lot of duplication.

STAT Analyzer correlates the results from multiple scanning engines and removes duplication. It also removes false positives, which are those vulnerabilities that do not apply to the user’s environment. False positives may occur when vulnerability findings conflict with operating system findings (for example, a UNIX vulnerability on a Windows machine), or when a particular application is required for the vulnerability to be exploitable (for example, when a vulnerability requires a database server and such a server is not installed).

Finally, the filtered results are organized by the severity of the exposure, and then presented to the user with the remediation strategies recommended by the scanning tools. In fact, the results of each session are stored in a database and can be analyzed subsequently by the reporting engine.

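The correlation step described above can be sketched as follows. This is an added example, not STAT Analyzer's code or data format: the host model, the `VULN-00x` keys, the scanner labels and the field layout are all constructed, and it assumes findings from different scanners have already been mapped to a shared vulnerability key.

```python
# Added example: correlate findings from several scanners against a host model.
# All hosts, keys and field names below are constructed for illustration.
RANK = {"high": 0, "medium": 1, "low": 2}

# Host model as the discovery phase would produce it: OS and installed services.
HOSTS = {
    "10.0.0.5": {"os": "windows", "apps": {"web"}},
    "10.0.0.9": {"os": "unix", "apps": {"mail", "database"}},
}

# (scanner, host, vuln key, severity, required OS or None, required app or None)
FINDINGS = [
    ("A", "10.0.0.5", "VULN-001", "medium", "windows", "web"),
    ("B", "10.0.0.5", "VULN-001", "high", "windows", "web"),    # duplicate of the above
    ("B", "10.0.0.5", "VULN-002", "high", "unix", None),        # OS conflict
    ("C", "10.0.0.5", "VULN-003", "medium", None, "database"),  # app not installed
    ("A", "10.0.0.9", "VULN-003", "medium", None, "database"),
    ("C", "10.0.0.9", "VULN-004", "low", "unix", None),
]

def applies(host, need_os, need_app):
    """Return False only when the host model contradicts the finding."""
    if host is None:
        return True  # host missing from the model: nothing disproves the finding
    if need_os and host["os"] != need_os:
        return False
    if need_app and need_app not in host["apps"]:
        return False
    return True

def correlate(findings, hosts):
    """Drop contradicted findings, merge duplicates, sort by severity."""
    merged = {}
    for scanner, host, key, sev, need_os, need_app in findings:
        if not applies(hosts.get(host), need_os, need_app):
            continue
        entry = merged.setdefault((host, key), {"severity": sev, "scanners": set()})
        entry["scanners"].add(scanner)
        if RANK[sev] < RANK[entry["severity"]]:
            entry["severity"] = sev  # keep the most severe rating reported
    rows = [(h, k, e["severity"], sorted(e["scanners"])) for (h, k), e in merged.items()]
    return sorted(rows, key=lambda r: (RANK[r[2]], r[0], r[1]))

if __name__ == "__main__":
    for row in correlate(FINDINGS, HOSTS):
        print(row)
```

A finding is discarded only when the host model positively contradicts it, so hosts that discovery missed still appear in the report.
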
Reports available range from high-level summaries of an analysis to detailed descriptions of vulnerabilities, and can include suggestions for fixes from the scanners.

As we have said, STAT Analyzer works with the most popular third-party vulnerability scanners and this gives users the opportunity to select the ‘best-of-breed’ as well as use multiple scanners. You cannot take for granted the fact that whichever scanner is best-of-breed today will continue to lead in the future, so the ability to change the scanning engine enables you to move with the times and trends in the vulnerability scanning marketplace, but without changing your management and reporting interface, which is provided by STAT Analyzer. For those companies that can justify licensing multiple scanners, the ability to compare results from different scanning engines gives more assurance than relying on a single scanner.

STAT Scanner, which is supplied with STAT Analyzer, is also a perfectly good scanner. It is arguably among the top three in the best-of-breed stakes, so it is worth taking a look at its features. STAT Scanner is aimed at detecting vulnerabilities in UNIX/Linux environments as well as Windows 2000/NT/XP. Its AutoFix feature can automatically remedy a large percentage of vulnerabilities. AutoFix works remotely, over the network, and does not require visits to affected computers.

Besides detecting over 1,250 vulnerabilities, STAT Scanner provides the most easily understood descriptions of the vulnerabilities. It also provides cross-references to several third-party web sites that offer the user the opportunity to research vulnerabilities further. Besides the AutoFix feature, it offers detailed instructions on manually fixing vulnerabilities for users who prefer to do it manually or for the few problems that cannot be fixed automatically. The STAT Scanner database of vulnerabilities is updated monthly via the STAT web site to keep ahead of the hackers.

In conclusion, STAT Analyzer is the easiest-to-use tool for managing the vulnerability-scanning process and delivering reports. Used as a front-end to supported third-party scanners, it actually makes them easier to use and to configure. It offers an excellent solution to the problem of integrating network auto-discovery with vulnerability scanning engines. Its ability to consolidate reports from multiple scanning engines as well as providing a single interface for configuring those engines is unmatched. Used with its own STAT Scanner, and without further expense on third-party vulnerability scanners, it already provides a complete solution to the security management headache of keeping up with vulnerabilities and fixing them automatically. The only feature missing that we would have liked to see is the ability to determine automatically what services are being allowed through firewalls in order to filter out those vulnerabilities that would not be externally exploitable. STAT Analyzer’s starting price includes the first year’s maintenance.

SC On-Line

Copyright © West Coast Publishing. All rights reserved.