GFI LanGuard is a network security scanner and patch management tool that provides network mapping and risk analysis. You install the software on a single Windows machine, which then scans the network to discover all devices (servers, workstations, laptops, mobile devices, virtual machines, routers, switches, and printers) and interrogate them regarding security issues. Once discovered, the devices can be managed with or without an agent; using an agent will give IT administrators deeper results. While no security security tool is a silver bullet, GFI LanGuard is attractive because it's notably more mature than many security tools popping on the market and so has a feature depth you won't find in many other platforms. Combined with new security tools aimed at protecting cloud infrastucture, like CloudPassage, or identity management, like ViewFinity, GFI LanGuard becomes an indispensible member of your network security tool kit.
Installation
The GFI LanGuard download is about 300 MB; to activate it, you'll receive the license key by email. Then, a wizard guides you through installation. I was scanning my network within five minutes. The product launched and opened the home screen where I could choose to view the dashboard (investigate network vulnerability status and audit results), remediate security issues (deploy missing patches, uninstall unauthorized software, turn on antivirus and more), manage agents (enable agents to automate network security audit and to distribute scanning load across client machines), or launch a scan (manually set-up and trigger an agentless network security audit). There are also links to the latest product-related news on the bottom of the home screen.
GFI LanGuard automatically enabled vulnerability scanning on the local machine where it was installed and ran a scan. From the home screen, I quickly saw that this machine was classified as having medium vulnerability, so I clicked on the message and was taken to a dashboard with more detailed information. The information shown in this dashboard included the vulnerability level, top five issues to address (which were patches that needed to be applied and a configuration that needed to be changed), security sensors (software updates, service pack updates, vulnerabilities, and more), scan activity, agent status, and vulnerability trend over time. Security sensors were color-coded as red or green. Clicking the red security sensor showed vulnerabilities grouped by severity, a vulnerability list, and details about each. I could then choose to remediate, acknowledge, ignore, or change the vulnerability severity, or the rules related to the vulnerability.
GFI LanGuard has some very good resources available from the download page including full product documentation and a video product tour. It also has an informative knowledge base online. During the trial period, customers can get tech support via live chat or by filling out a form on the GFI website.
Similar Products
Bitdefender GravityZone Business Security Premium
F-Secure Elements
Webroot SecureAnywhere Business Endpoint Protection
Avast Business Antivirus Pro Plus
Exabeam
Panda Security Adaptive Defense
Sophos Cloud Endpoint Protection
AVG CloudCare
McAfee Endpoint Protection Essential for SMB
Kaspersky Small Office Security
Working With GFI LanGuard
To perform an initial remote agentless scan, I went to the scan page. From here, I created a custom scanning group that encompassed my entire single segment network using the IP address range 192.168.10.1 to 192.168.10.254 and clicked the Scan button. I was immediately notified that seven computers responded during network discovery and that the full scan would take five hours to complete; within five minutes this estimated scan time dropped to 20 minutes. The scan results overview window was populated with IP addresses and more information, such as machine name and OS, was added as it was discovered. Opening the tree below the first scanned Windows machine, I saw that I could dig deeper into open TCP and UDP ports, hardware, software, and system information.
Under each Windows machine there were sections for vulnerability assessment and network and software audit. In the vulnerability assessment area, vulnerabilities are broken out by severity (high, low, potential, missing service packs, and missing security updates). I was surprised to see a few missing security updates so I clicked on that header and saw that I was indeed missing three non-Microsoft application specific updates, each with critical severity and posted within the previous three months. Double-clicking the application name brought up a new window containing deeper information and a link to download the application-specific patch.
Overall, the GFI LanGuard GUI is well-polished. I could drag to resize windows and information fields. The contents of almost any window could be selected and copied to the clipboard by right-clicking. Most screens were organized to show information about the device in a big window, help related to the current device in a smaller window on the right hand side of the screen, activities along the bottom of the screen, and a deeper dive into activities (including errors) below that. The interface is intuitive and responsive.
Reporting is a big strength. Clicking on GFI LanGuard's reports tab opened a list of general and regulation-specific reports, such as PCI DSS compliance reports, HIPAA compliance reports, and more. Clicking a specific report showed me its description, ways in which to use it, a sample, and the ability to customize the report or run it as is. Once run, I could view the report on screen (where I encountered some formatting oddities when zooming in), search it, print it, or email it.
Great GUI and Powerful Tools
GFI LanGuard is a highly-regarded network security scanner, vulnerability assessment, and patch management solution. It can run with or without agents to audit a multitude of devices and operating systems. The management GUI is very well-organized and workflow-driven so it's easy for an IT administrator to find what needs to be done and do it. Just be sure to convert your reports into PDFs to avoid formatting issues.
GFI LanGuard is a powerful and intuitive network security scanner, vulnerability assessment and patch management tool with a great workflow-driven interface. However, outstanding reporting is marred by poor on-screen formatting.
Like What You're Reading?
Sign up for Lab Report to get the latest reviews and top product advice delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
