Well since you are in the market, may I suggest you give GFI's LANGuard product suite a once over. They have the Network Security Scanner (N.S.S.), this tool is great for initial system assesment. Another useful tool they have is SELM, the Security Event Log Monitor. We also use this on high priority production systems. These are both run from a console, they are agentless. SELM can tie into a SQL database and email you any instances that you are auditing almost instantly in 'real time'.

Sorry if it sounds like a sales pitch, but I must say that I am impressed thus far with the services their products provide for the cost. I think we call that 'value'.

http://www.gfi.com/pages/prodinfo.htm

Best of luck.