KaVaDo ScanDo
Version 1.5
by Craig Hinton
FOR
Offering real-world attacks in a controlled manner, ScanDo can show
you your environment’s true vulnerabilities.
AGAINST
None.
VERDICT
Adding an extra layer of defense against Internet-based attacks,
ScanDo is an invaluable product offering true peace of mind.
Even if you have followed every prescribed step in ensuring the
security of your organization, from risk assessment to security policy to
implementation, and invested in the most cutting edge technology, there
can be no guarantee that it will stay secure. Every day, hackers are
sharing new vulnerabilities and new techniques, which could render every
precaution that you have taken completely irrelevant. And businesses with
a web presence are not only advertising their existence, but are offering
a potential way in to the corporate network.
This is where KaVaDo’s ScanDo product comes into play. Rather
than another layer of defense, it provides friendly ‘offence,’
targeting your web-based applications in a controlled manner and probing
for vulnerabilities. It uses real (but de-fanged) attacks to assess
exactly how secure your systems are, from the web servers to the internal
IT infrastructure. Forewarned is forearmed, and ScanDo gives you
all the warning you could want.
There are three stages to running ScanDo. The first stage is a
scan of your entire IT environment. This creates an inventory of all
applications and files, looking at both structure and content. In the
process, the chances are it will discover all of those files whose
presence will be a surprise to you: files created and discarded during one
installation or another, which present a security threat. This isn’t
just a passive scan; ScanDo emulates a real user, clicking on
buttons, executing scripts and filling in fields. Because of this, it
builds up a real picture of what’s sitting on your servers, rather than
relying on a directory listing.
Using this inventory, ScanDo can proceed to the second stage.
This is the real strength of the product: assessment and attack.
Assessment is the less aggressive option, with gentle probes into all
areas of your environment, looking for known vulnerabilities (the list of
which is always kept up to date by virtue of the auto-update feature of
the product - an extremely important feature). ScanDo is designed
to check for virtually every vulnerability around, from loopholes created
by the basic IT environment, to SQL concatenation and buffer overflows,
taking in more esoteric problems such as cookie poisoning and parameter
tampering en route.
Of course, all of this is theoretical; a bit like knowing how good a
front door is from the tensile strength of its components. The only true
test is to try kicking the door in, and that is exactly what ScanDo
does in attack mode. Using authentic offensive techniques, ScanDo
bombards your web environment at every level. Although the attacks are
harmless (no payloads and no consequences, so you don’t have to repair
the front door every time), they will highlight the areas of weakness in
exactly the same way as a real attack would. The results of the attack can
then be compared with the assessment, giving a much more accurate analysis
of your environment’s vulnerabilities.
It goes without saying that all IT environments are different, and if ScanDo
only provided a one-size-fits-all assessment, the chances are that the
techniques would be too blunt to give a true analysis. ScanDo
addresses these concerns by offering a whole host of fine-tuning options
for the assessment/attack stage (and you can fine-tune both differently).
For example, many web environments grow organically, with new branches
being added and outdated ones being pruned. You can instruct ScanDo
to ignore “Error 404” pages - and if you have eschewed these in favor
of bespoke “not found” messages, you can tell it what they are,
reducing manual intervention during the scan (the dictionary option even
allows for different languages). But there are times when you want
manual intervention. As ScanDo runs through your environment, it
may encounter areas that require certificates for entry. These can be
added to ScanDo - when such an area is reached, a window pops up,
and the administrator can then click on the requisite certificate. These
are just a few examples of how to tailor ScanDo to a particular
environment - there are many, many more.
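The two behaviours described above, the crawl-based inventory that follows links and forms rather than a directory listing, and the pruning of dead branches once you tell the scanner what your bespoke "not found" pages look like, can be sketched in a few dozen lines. The code below is an added illustration written for this review, not ScanDo's own code; the site contents, the URLs under `app.example`, the `NOT_FOUND_PHRASES` list and the `fetch` stand-in for an HTTP client are all constructed so it runs offline.

```python
"""Crawl-style inventory with custom 'not found' page filtering (illustrative, not ScanDo code)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site: URL -> (HTTP status, body). Stands in for real HTTP responses.
SITE = {
    "http://app.example/": (200, '<a href="/login">Login</a> <a href="/old/report">Old</a> '
                                 '<a href="http://other.example/x">ext</a>'),
    "http://app.example/login": (200, '<form action="/auth" method="post">'
                                      '<input name="user"><input name="pass" type="password">'
                                      '</form>'),
    "http://app.example/auth": (405, ''),
    # An organically grown branch whose target was pruned: a 200 page carrying a bespoke "not found" message.
    "http://app.example/old/report": (200, '<h1>Oops</h1><p>Sorry, we could not find that page.</p>'),
}

# Assumed bespoke "not found" phrases, one per language, as an administrator would configure them.
NOT_FOUND_PHRASES = ["we could not find that page", "page introuvable"]


def fetch(url):
    """Stand-in for an HTTP GET over the constructed site; unknown URLs behave like a plain 404."""
    return SITE.get(url, (404, ""))


def is_not_found(status, body, phrases=NOT_FOUND_PHRASES):
    """A branch is dead if the server says 404 or the body matches a configured custom message."""
    if status == 404:
        return True
    low = body.lower()
    return any(p.lower() in low for p in phrases)


class LinkFormParser(HTMLParser):
    """Collects absolute link targets and form definitions, emulating what a user could click or fill in."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []
        self.forms = []   # each form: {"action", "method", "fields"}
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action", self.base)),
                          "method": a.get("method", "get").lower(), "fields": []}
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def build_inventory(start, fetch=fetch, phrases=NOT_FOUND_PHRASES, max_pages=100):
    """Breadth-first crawl of one host: live pages, discovered forms, and pruned dead branches."""
    host = urlparse(start).netloc
    queue, seen = [start], set()
    inventory = {"pages": {}, "forms": [], "dead": []}
    while queue and len(seen) < max_pages:
        url = queue.pop(0)
        if url in seen or urlparse(url).netloc != host:   # stay on the environment being inventoried
            continue
        seen.add(url)
        status, body = fetch(url)
        if is_not_found(status, body, phrases):
            inventory["dead"].append(url)          # recorded, but not crawled further
            continue
        parser = LinkFormParser(url)
        parser.feed(body)
        inventory["pages"][url] = status
        inventory["forms"].extend(parser.forms)
        queue.extend(parser.links)
        queue.extend(f["action"] for f in parser.forms)   # form targets are part of the surface too
    return inventory


if __name__ == "__main__":
    inv = build_inventory("http://app.example/")
    print("live pages:", inv["pages"])
    print("forms:", inv["forms"])
    print("dead branches:", inv["dead"])
```

The point of the `phrases` list is the one the review makes: without it, `/old/report` would be inventoried as a live 200 page and every probe against it would generate noise for someone to sift through by hand.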
Obviously, neither of the first two steps is worth anything unless the
reporting options are up to scratch, and ScanDo's certainly are.
Not only is reporting - both graphical and textual - comprehensive to the
extreme, but the reports can all be tailored to suit the specific user or
environment.
It is clear that usability was at the forefront of the developers’
minds when writing ScanDo. All of the documentation - from Quick
Start Guide to User Guide - is clear, helpful and easy to follow.
Installation and subsequent configuration are a joy - especially given how
powerful the product is.
Making your presence felt on the Internet is a vital part of any
business, but many network administrators are vulnerable to complacency,
assuming that security is a one-time deal. ScanDo offers the
real-time reassurance that web applications and your IT environment are
guarded against the very latest in offensive techniques, and as such, is
an invaluable addition to any security policy.