Security Basics mailing list archives
RE: Need Vulnerability Management Tool Review
From: "Ulm, Matt" <Matt.Ulm () edelman com>
Date: Wed, 10 Oct 2012 09:31:28 -0500
Nessus is very cheap when comparing it to other tools, but it tends to be a little more difficult to configure. If you are looking at this tool seriously, take a look at http://pauldotcom.com/. He has written a few blog posts on configuring Nessus. You can also configure Nessus to also use nmap or nikto, but this is something you have to add. Nessus only comes as a software download, so you have to build and configure the infrastructure on your own. NeXpose is also a great tool that comes in software or a hardware device format. You still have to do much of the management and maintenance of the hardware devices. Scanning, site setup, and report configuration is very easy to do, and can only take a day or two depending on the size of your infrastructure. If you are looking at Metasploit Pro as well, it incorporates the two together very seamlessly. I have noticed one thing with NeXpose that it can duplicate vulnerabilities found depending on how you set things up and run your scans. If you have an asset in multiple sites, when you scan it, you can get duplicate results. This can be annoying to say the least. There are ways around it, but you have to run your scans via command line scripts, and use cron to schedule things, so if you have a large environment, or if you do not have much Ruby experience it can be a hassle. Qualys is a quality tool, that allows you to not worry about the infrastructure management. This can be a plus if you have a small staff. The reports for Qualys look very professional and are very easy to reconfigure to suit your needs. It is quite easy to set up multiple scanning profiles or groups and then run scans against any combination of those. Qualys generally tends to be more expensive of the ones that I have seen. You also need to consider whether or not you are OK with your vulnerability data being stored by a third party, "in the cloud". Support for Qualys and NeXpose tend to be very good, and they are both generally easier to use. I have not used the other programs before so I cannot speak about them. Hope this helps. Matthew Ulm -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of shivaone () gmail com Sent: Wednesday, October 10, 2012 8:10 AM To: security-basics () securityfocus com Subject: Need Vulnerability Management Tool Review Hi Team, We are evaluating Vulnerability Management Tool, I need your help review or rate these tool on the base of below listed points or any, If you have any recommendation of tool its most except able Tool Are-NeXpose ,NESSUS, Retina,GFI LanGurd * Features * Ease of Use * Performance * Documentation * Support * Value for Money * Effectiveness in finding Vulnerability Finding ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Need Vulnerability Management Tool Review shivaone (Oct 10)
- Re: Need Vulnerability Management Tool Review Adam Pal (Oct 10)
- RE: Need Vulnerability Management Tool Review Dave Kleiman (Oct 10)
- RE: Need Vulnerability Management Tool Review Ulm, Matt (Oct 10)
- RE: Need Vulnerability Management Tool Review Chris Garlington (Oct 10)
- Re: Need Vulnerability Management Tool Review gold flake (Oct 11)
- Re: Need Vulnerability Management Tool Review neo anderson (Oct 11)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 11)
- Re: Need Vulnerability Management Tool Review Metahuman (Oct 11)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 11)
- <Possible follow-ups>
- Re: Need Vulnerability Management Tool Review Vijay (Oct 10)
- Re: Re: Need Vulnerability Management Tool Review Julian . chec (Oct 11)
- Re: Need Vulnerability Management Tool Review nekron 99 (Oct 12)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 12)
- Re: Need Vulnerability Management Tool Review nekron 99 (Oct 12)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 12)
(Thread continues...)
- Re: Need Vulnerability Management Tool Review Adam Pal (Oct 10)