Security Basics mailing list archives

RE: Need Vulnerability Management Tool Review


From: "Ulm, Matt" <Matt.Ulm () edelman com>
Date: Wed, 10 Oct 2012 09:31:28 -0500

Nessus is very cheap when comparing it to other tools, but it tends to be a little more difficult to configure. If you 
are looking at this tool seriously, take a look at http://pauldotcom.com/. He has written a few blog posts on 
configuring Nessus. You can also configure Nessus to use nmap or nikto, but this is something you have to add. 
Nessus only comes as a software download, so you have to build and configure the infrastructure on your own.

NeXpose is also a great tool that comes in software or a hardware device format. You still have to do much of the 
management and maintenance of the hardware devices. Scanning, site setup, and report configuration are very easy to do, 
and can take only a day or two depending on the size of your infrastructure. If you are looking at Metasploit Pro as 
well, it incorporates the two together very seamlessly. I have noticed one thing with NeXpose: it can duplicate 
vulnerabilities found depending on how you set things up and run your scans. If you have an asset in multiple sites, 
when you scan it, you can get duplicate results. This can be annoying to say the least. There are ways around it, but 
you have to run your scans via command line scripts, and use cron to schedule things, so if you have a large 
environment, or if you do not have much Ruby experience, it can be a hassle.

Qualys is a quality tool that allows you to not worry about the infrastructure management. This can be a plus if you 
have a small staff. The reports for Qualys look very professional and are very easy to reconfigure to suit your needs. 
It is quite easy to set up multiple scanning profiles or groups and then run scans against any combination of those. 
Qualys generally tends to be the more expensive of the ones that I have seen. You also need to consider whether or not you 
are OK with your vulnerability data being stored by a third party, "in the cloud".

Support for Qualys and NeXpose tends to be very good, and they are both generally easier to use. I have not used the 
other programs before so I cannot speak about them.

Hope this helps.

Matthew Ulm

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of shivaone () gmail com
Sent: Wednesday, October 10, 2012 8:10 AM
To: security-basics () securityfocus com
Subject: Need Vulnerability Management Tool Review

Hi Team,

     We are evaluating vulnerability management tools. I need your help to review or rate these tools on the basis of 
the points listed below, or any others. If you have any recommendation of a tool, it is most acceptable.

The tools are: NeXpose, NESSUS, Retina, GFI LanGuard
*       Features
*       Ease of Use
*       Performance
*       Documentation
*       Support
*       Value for Money
*       Effectiveness in finding vulnerabilities

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

