Control Compliance Suite

 View Only

  • 1.  CCS VM licensing

    Posted Dec 10, 2012 06:08 AM

    Hi,

    I need to confirm CCS Vulnerability Manager licensing. I know that CCS VM licensing are usually IP and scan based. I have a query what if a client has license of 1000 nodes and runs scan on 700 servers. After assessing report and information gathering, client deletes those IPs or Site (groups) and add new set of further 700-800 IPs for scanning. Would that work with the license of 1000 endpoints? or it would not by keeping record of scanned IP targets?

    Regards.



  • 2.  RE: CCS VM licensing

    Posted Dec 10, 2012 12:36 PM

    It should work fine, you just can't scan over your limit. As long as you're within limit, should be no issue.



  • 3.  RE: CCS VM licensing
    Best Answer

    Posted Dec 13, 2012 11:14 AM

    Atif,

    It should work from a technical standpoint, but it is definitely skirting the EULA. To protect yourself, I would recommend sending them an e-mail recommending they purchase the license required to scan all of their IPs. We used to have similar issues with Bindview licensing where we could get around license limitations by scoping just under the license count and I always advised against it. In the end, no company wants the stigma of violating license terms.

    Chris Tyrrell

    Compliance Practice Lead

    Conventus Corp.

    ctyrrell@conventus-sei.com



  • 4.  RE: CCS VM licensing

    Posted Dec 14, 2012 12:56 PM

    Thanks Tyrrell,

    I have already conveyed the same to client that this is ethically wrong and against EULA. Thanks for confirming the same.