Tools for tighter networks

Impressive software from Citadel, eEye makes it easier for agencies to manage their network vulnerabilities

Vulnerability management software has become critical to protecting your network and data from security breaches. Recently, the GCN Lab tested four leading software solutions for their ability to uphold security policies and monitor network weaknesses [,].

But as we noted at the time, that review was missing something, namely two important vulnerability management suites: Hercules from Citadel Corp., and REM Security Management Console by eEye Digital Security. We promised we'd make it up to you, and now we are. We just got through testing Hercules and REM using the same test plan we used on the other suites. And we were impressed with what we found.

Before testing, we spent a day with each vendor, training and learning how to deploy their programs. We then installed each suite on a controlled network and ran tests that measured three main characteristics.

Setup and administration was the most important test. We looked at how easy it was for a network administrator to access all the software's features, detect and fix vulnerabilities, establish protocols and policies, and catalog network issues. We then looked at the various features of each suite. No two vulnerability management suites are alike; some include more features than others.

Finally, we examined each product's control and automation features. Having the ability to restrict certain administrative staff and users to certain parts of the network is paramount in maintaining an up-to-date enterprise network. Additionally, the more the software does by itself, the better.

Here's what we learned about these two suites.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected