Overall licensing structure
The following table describes the overall licensing structure and deployment availability.
Number of licenses overtime
The number of licenses used can vary over time. The number of licenses required is the highest number of licenses used during the contract period.
When a customer exceeds their license, Holm Security will consult the customer before the additional charge.
Unlimited number of activities
Each license includes an unlimited number of scans, simulations, and awareness trails.
Scanner Appliances require no licenses
Customers using System & Network Scanning and/or Web Application Scanning can use any number of Scanner Appliances form where scanning can be carried out.
Systems & Network Scanning
Licensed per active IP
The product is licensed based on active IPs, meaning systems and computers that respond to network connections. A system can be a physical server and/or virtual machine.
The same server that has several IPs (multiple network interfaces), or both an IPv4 and IPv6 connected, will require one license.
A physical server hosts 7 virtual machines. Each machine has one IPv4 and one IPv6 connected. All machines are actively running. Scanning all 7 machines will require 7 licenses.
Device Agent licensed per installation
Licensing for Device Agent is based on the number of installations of the software in systems and computers, but a Device Agent doesn’t require an additional license if the system or computer has a license based on the IP.
Scanning a server from the outside using cloud scanners or Scanner Appliances requires one system or computer (static IP address) license connected to the IP address. A Device Agent installed in the same system or computer doesn’t require an additional license.
No additional licenses are required for policy scanning & authenticated scanning
Policy scanning and authenticated scanning require a standard license for System & Network Scanning, based on the IP. If a system is scanned using multiple methods, such as scanning from the outside, policy scanning, and authenticated scanning, it still only requires one license based on the IP.
An organization scans an IP using multiple scanning methods (scanning using cloud scanners, Scanner Appliance, policy scanning, and authenticated scanning), but only one license is needed for the product.
Web Application Scanning
License per URL/application
The product is licensed based on the number of unique web applications (or URLs) scanned. Each application scanned requires one unique license.
A web server hosts 5 web applications on separate URLs. To scan all 5 applications requires 5 licenses. If the customer scans the web server itself, this will also require a license for Systems & Network Scanning for the IP.
APIs licensed per interface
The product is licensed based on the number of unique APIs that are scanned. Each API scanned requires one unique license.
Phishing & Awareness Training
Licensed per user (email address)
The product is licensed based on the number of unique users that are included in phishing simulation and/or awareness training. A user is a unique individual, which should be equal to the number of unique email addresses.
A company has 5,000 employees that they target with phishing simulation and awareness training and 1,000 that are not targeted. The company requires 5,000 licenses for the product.
Combination with Device Agent
If using Device Agent, under the product System & Network Scanning, together with Phishing & Awareness Training, the user will be associated with the computer by identifying the user's email address. The customer will require one license for the computer (scanned using Device Agent) and one for the user.
Cloud resource definition
A cloud resource is an object resource within a cloud service. For example, Bucket A in S3 (AWS) is a cloud resource, Instance X in EC2 (AWS) is a cloud resource, and instance Y is another cloud resource within the cloud service EC2 (AWS). The cloud resources that require a license are listed below.
Cloud service definition
A cloud service is for example EC2 or RDS (AWS).
Licensing based on cloud resources
The product is licensed based on the number of unique cloud resources used by a cloud vendor.
5 virtual machine instance resources (EC2) are provisioned within an AWS cloud account. To scan these 5 resources will require 5 licenses.
3 DB instances resources (RDS) are provisioned within an AWS cloud account. To scan these 3 resources will require 3 licenses.
Combination with traditional scanning
Cloud infrastructure can be scanned from the internet using cloud scanners, or from the inside using a Scanner Appliance. This means that for example, an EC2 (in AWS) resource running a virtual machine can be scanned targeting the IP and scanned through integration with AWS using the product Cloud Scanning. This will require two licenses; one for scanning the IP from the outside, and one for scanning using the integration in the product Cloud Scanning.
If a Device Agent is installed the same policy applies as mentioned under “Device Agent licensed per installation.”
AWS cloud resources where a license is applied:
- API Gateway API
- Athena Workgroup
- CloudFront Distribution
- DynamoDB Table
- EC2 Instance
- ECR Repository
- ECS Task Definition
- EFS Filesystem
- EKS Cluster
- Elasticache Cluster
- ELB/ALB/NLB Load Balancer
- EMR Cluster
- Firehose Delivery Stream
- Kinesis Stream
- Lambda Function
- RDS Database Instance
- Redshift Cluster
- S3 Bucket
- Sagemaker Notebook
- SNS Topic
- SQS Queue
- Transfer Server
Azure cloud resources where a license is applied:
- Authorization Policy Assignments
- Authorization Policy Definitions
- Authorization Role Definitions
- Authorization Locks
- Blob Containers
- Compute Virtual Machines
- Compute Disks
- Compute Availability Sets
- Compute Virtual Machine Scale Sets
- CDN Profiles
- Container Registries
- Container Service Managed Clusters
- Insights Activity Log Alerts
- Insights Log Profiles
- Insights Autoscale Settings
- Insights Diagnostics Settings
- Key Vaults
- MySQL Servers
- Network Virtual Networks
- Network Security Groups
- Network Watchers
- Network Load Balancers
- Postgres Servers
- Storage Accounts
- SQL Servers
- Security Contacts
- Security Auto Provisioning Settings
- Security Pricing
- Web Sites
GCP cloud resources where a license is applied
- Cloud Load Balancers
- Autoscale Instance Groups
- Compute Instances
- Key Rings
- Crypto Keys
- Managed DNS Zones
- IAM Policies
- IAM Users
- Service Account Users
- Kubernetes Clusters
- Alert Policies
- Log Sinks
- SQL Instances
- Storage Buckets
- VPC Networks
Licensed per installation of Organizer. A customer can have multiple Organizers.
Holm Security Success Program Standard & Plus
Previously called “Premium Support”.
Licensed per customer, accordingly the maximum license number per customer is one.
Holm Security Certification Program
Licensed per attendee (individual) for the certification program.