SecPod SanerNow is a SaaS platform hosted in the Cloud, so it isn’t bound by the server or the network that hosts it. The SanerNow system includes a Vulnerability Manager module that scans systems for security weaknesses. This tool offers an effective way to protect all of your corporate IT assets wherever they are located.
The SanerNow platform includes many other services, not just its vulnerability scanning system. The modules work together to help you block malware and intruders, keeping your system safe and compliant with data privacy standards.
SecPod Technologies, Inc. was founded in Bangalore, Karnataka, India, in 2008. The name “SecPod” is a contraction of “Security Podium.” The company is still independent, and it is still run by its founder, Chandrashekhar Basavanna, who is the business’s CEO. Basavanna is also a board member of the open source project that manages the Open Vulnerability and Assessment Language. SecPod contributes developers to the project and uses OVAL in its Vulnerability Manager.
SecPod Technologies has its US headquarters in Redwood City, California. However, its development team and support technicians are based in Bangalore.
The SanerNow platform
All of SecPod’s products are based on the SanerNow SaaS platform. SanerNow’s full name is the SanerNow Cyberhygiene Platform.
The platform has two divisions of tools:
- Security Risk and Compliance
- Endpoint Management
All of the elements available on the SanerNow platform will work together. However, you choose which modules you want, so you don’t have to have both categories of services, and you don’t even have to subscribe to all of the modules within each category.
The Endpoint Management section of the platform includes live performance monitoring plus endpoint detection and response (EDR). In addition, the modules in the Security Risk and Compliance section of the platform also greatly improve the management of endpoints.
We will focus on the Security Risk and Compliance facilities in the SanerNow platform for this review.
SanerNow Security Risk and Compliance
Thanks to the company’s close involvement with OVAL, the platform is centered on the Vulnerability Manager. Other modules support this function. The SanerNow platform modules can operate on endpoints running Windows, macOS, and Linux. For this purpose, each endpoint requires an agent installed on it to coordinate with the SanerNow cloud platform.
The complete list of SanerNow Security Risk and Compliance modules is:
- Asset Management
- Vulnerability Management
- Patch Management
- Compliance Management
The Asset Management module documents all of the hardware and software of the protected system. A vulnerability scanner needs to locate all devices and scan their operating systems, services, applications, and software if it is to assess whether they are all up to date. This is an internal vulnerability scan, and it is concerned with system hardening.
A vulnerability assessment of system settings supplements the internal scan of a protected system. This looks at configurations that provide lax security and enable the lateral movement of malware or intruders from one device to another. The lack of activity logging also makes secret actions by hackers possible. So, the SanerNow system ensures that all log capabilities are activated, and that log messages are collected and filed – this is the responsibility of the Compliance Management unit of the platform.
So, although it seems that Vulnerability Manager is just one of the modules in the SanerNow system, in truth, all of the modules in the platform contribute toward vulnerability management. To summarize the contributions of each module to internal vulnerability management:
The Asset Manager scans a protected system and creates inventories for it. This includes both hardware and software inventories. These lists of assets are periodically updated by repeated network and device scans.
The vulnerability scanner works from a list of more than 160,000 potential weaknesses. Despite this long proprietary list of vulnerabilities, the scanning service takes only about 5 minutes to complete a system sweep.
The Patch Management module is closely linked to the Vulnerability Manager because software providers often produce updates with the sole purpose of closing down newly discovered vulnerabilities.
This module polls software providers for the latest versions of all assets listed in the software inventory. If later versions are available than those already installed, the Patch Manager will acquire update installers and run them at the next open maintenance window.
The Patch Manager can update more than 350 third-party software packages as well as all the major operating systems.
The Compliance Management unit checks the configurations of devices and recommends tightening so that the security features built into system assets are used to their full potential. The Compliance Manager system watches those configurations to ensure that they are not tampered with and collects logs to ensure that the business complies with data protection standards.
The Compliance Manager will adapt its actions according to the standards that the user specifies should be followed. Options are:
- PCI DSS
- NIST 800-53
- NIST 800-171
The Compliance Manager includes templates that automatically generate reports suitable for compliance reporting.
External Vulnerability Scanning
Your system is most vulnerable to attack from outside the network. Internet connections can provide inroads into your network and allow malicious actors and software onto your devices. Additionally, web assets can be compromised through commonly known attack strategies, and the SanerNow vulnerability scanner looks for those weaknesses.
The SanerNow vulnerability scanner runs periodically by default. However, the user can launch scans on-demand or command continuous scanning operations. The results of each scan are presented in the form of a live report in the dashboard. This lists each asset and the vulnerabilities discovered on it during the scan. Color-coded risk scores make it easy to see which vulnerabilities are serious and which are less critical. The scanner also produces an ordered list of ranked vulnerabilities discovered during each run.
Analysis functions in the Vulnerability Manager present significant historical occurrences of each type of vulnerability and the likelihood of their recurrence, including where they are likely to arise.
SanerNow Vulnerability Database
There are two major lists of well-known attack strategies that the SanerNow system checks for. These are the OWASP Top 10, defined by the Open Web Application Security Project, and the SANS Top 25. Rather than look through two lists, the SecPod system works off the company’s list of known vulnerabilities, which incorporates the OWASP and SANS intel.
The SecPod vulnerability list is called the SCAP feed, and it includes more than 160,000 weaknesses. SCAP stands for Security Content Automation Protocol, an open standard that creates a format for exchanging instructions relating to security actions. SCAP content can be defined in OVAL, which is the security definition language to which SecPod contributes.
SecPod also makes its SCAP feed available as a standalone service. This is like a threat intelligence feed, except it is less volatile because it doesn’t include Indicator of Compromise data such as lists of suspected hacker IP addresses and domains. Nonetheless, subscribers to the SanerNow SCAP feed get a daily update, which can be input directly into third-party security products.
The SanerNow Dashboard
The dashboard for SanerNow is adaptable. It won’t show all of the available screens for the platform, just the ones for the modules to which you subscribe. The screens are brightly colored with heatmap themes to make problem recognition easier – red is the worst, then yellow, and light blue is at the other end of the spectrum.
As the SanerNow system is based in the Cloud, the dashboard is hosted, and you don’t need to install any server systems on your network. The dashboard can be accessed through any standard Web browser from anywhere.
SanerNow Deployment Options
SanerNow is a SaaS platform hosted on the SecPod servers in the Cloud. You do, however, need to install agent programs on each of your endpoints. You need one agent on each device, which takes care of all of the local work required for all of the SanerNow modules you subscribe to. The installation of SanerNow agents is guided through the dashboard. Agents are available for Windows, macOS, and Linux.
SecPod will supply the SanerNow system as a software bundle for those businesses that prefer to host the system on their own servers. This package will run on Linux.
SecPod SanerNow Prices
SecPod doesn’t publish its price list for SanerNow. However, the company offers a 30-day free trial of all SanerNow modules.
SanerNow Vulnerability Manager Strengths and Weaknesses
SecPod has put together an impressive package. The company has been able to extend its security scanning service a little further than the usual borders of vulnerability management. The Compliance Management module, which includes compliance reporting and monitoring as well as configuration management, is an example of this strategy.
We have assessed SecPod SanerNow and identified several good and bad points.
Pros:
- A modular system that allows deployment flexibility
- Fast scanning and easy-to-read vulnerability reports
- A database of more than 160,000 vulnerabilities
- A hosted service that doesn’t use up local processors
- Automated links between related modules
- Analytical features to promote secure working practices
Cons:
- The modular system could lead you into taking out many subscriptions to get a full vulnerability manager
Alternatives to SanerNow Vulnerability Manager
There are several excellent vulnerability managers on the market, so the SanerNow system, though perfect, is not your only option. It is always good to check out several alternative candidates before buying any type of IT system, especially security software.
Here is our list of the five best alternatives to SanerNow:
- Invicti: This vulnerability scanner also offers continuous testing, making it a good fit for a CI/CD pipeline in a DevOps environment. However, there is also a straightforward vulnerability scanning option for IT Operations. This system spots common vulnerabilities from an external viewpoint, and it also attempts to scan code and identify potential security weaknesses in module cohesion and clashing activities between contributing functions. Invicti implements SOAR to close down vulnerabilities by communicating with third-party systems. It can also send notifications through ticketing and project management systems to allocate technicians to resolve problems. Invicti is available as a SaaS package or for Windows and Windows Server installation. You can access a demo to assess Invicti.
- Acunetix: This vulnerability manager operates both internal and external scans. It is available in three editions, each addressing a different security testing need. The external scanner looks for a list of 7,000 vulnerabilities that include the OWASP Top 10. The internal scanner has a vulnerability list of more than 50,000 known vulnerabilities. This service can be tailored to standards requirements for compliance with PCI DSS, HIPAA, and ISO 27001. This is a SaaS package, but the software is also available for Windows, macOS, and Linux installation. In addition, there is a demo system of Acunetix for assessment.
- Rapid7 InsightVM: This vulnerability scanner is part of a platform of security tools that can be subscribed to individually or as a suite. The InsightVM package includes automated patch management, and the tool will recommend changes to device and software settings to harden the system. This service will check servers, networks, endpoints, Web assets, cloud resources, and containers. InsightVM is available for a 30-day free trial.
- ManageEngine Vulnerability Manager Plus: This is a comprehensive package that performs a scan every 90 minutes by default – that frequency can be adjusted. The package also includes a linked patch manager that kicks in automatically when updates are identified as solutions to detected vulnerabilities. In addition, the tool performs internal and external scans and will produce recommendations for configuration changes, which can be implemented automatically through the integrated Configuration Manager. This software installs on Windows Server, and it is available for a 30-day free trial.
- Intruder: This cloud-based SaaS platform offers a range of plans to suit businesses of different sizes. The lowest package offers a monthly vulnerability scan. Higher plans include SSL certificate assessments and scans on demand. The service performs both external and internal scans with checks for a list of over 10,000 vulnerabilities. Intruder also offers the services of a penetration testing team. In addition, you can get a 30-day free trial of Intruder Pro.