Re: Vulnerability scanners - what do you use? What seems to be successful for your environment?

[Wayne Bullock <wayne () FAU EDU>]

We use eEye Retina. It works well for us. It finds the vulnerabilities and helps us provide guidance to system 
administrators regarding patching their systems. http://www.eeye.com/Products/Retina.aspx

        --Wayne

Wayne Bullock, MSCIS, CCNA
Associate Director 
Communication Services Infrastructure
Information Resource Management 
Florida Atlantic University 
777 Glades Road
Boca Raton, FL 33431
 

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve 
Brukbacher
Sent: Wednesday, June 02, 2010 3:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Vulnerability scanners - what do you use? What seems to be successful for your environment?

We're running Nexpose currently.  It's okay, but not very accurate for 
Unix systems when evaluating patch levels.  Tons of false positives 
because often times the way admins patch services doesnt' change the 
version level that the vunl. scanner uses to determine path level. 
There are things you can do about that, including loading root creds 
into the vuln. scanner, which I'm not too keen on in general.  It does 
fine for open ports/etc and the reporting is pretty good compared to Nessus.

So if you just want to see what the "bad guys" are seeing, I'd just use 
Nessus.  If you want to do regular auditing, especially for Windows 
systems, or for performing risk assessments, this might not be a bad 
choice.

-- 
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224

On 5/26/10 12:57 PM, Di Fabio, Andrea wrote:
> We have been using OpenVAS since Nessus became commercialized.  We are
> in the process of integrating it with metasploit autopwn. So far the
> only drawback we have is the lack of built in automated comparison of
> previous scans with the current one.
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Ullman, Catherine
> *Sent:* Tuesday, May 25, 2010 11:13 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Vulnerability scanners - what do you use? What
> seems to be successful for your environment?
>
> Greetings!
>
> I am beginning to do some research into vulnerability scanners to be
> used in assessing infrastructure weaknesses here at the University at
> Buffalo. I'm wondering if folks out there might be willing to share with
> us what they're using, if anything, and any experiences (good or bad)
> you've had with any of these products.
>
> Many thanks in advance for your assistance.
>
> Sincerely,
>
> Cathy
>
> Catherine J. Ullman
>
> Information Security Analyst
>
> Information Security Office
>
> University at Buffalo
>
> cende () buffalo edu <mailto:cende () buffalo edu>