PaulDotCom mailing list archives
Nessus vs McAfee Vulnerability Management
From: cmerkel at gmail.com (Chris Merkel)
Date: Wed, 10 Mar 2010 23:32:59 -0600
Keep in mind that if you want to compare apples to apples, it should be Tenable Security Center vs. McAffee, assuming that you're in a large environment. Remediation workflow is important. If you're just a small group doing one-off scans, Nessus is ok. My recommendation, in addition to credentialed scans, is to look at "non-core" products, and see which one does a better job at detecting vulnerabilities - odds are that they're both going to detect missing patches to Windows and Linux distros. When I was doing an eval (didn't test McAffee) - I found that some other "magic quadrant" scanners couldn't find CVSS 10 vulnerabilities in things like vSphere, Tivoli products, IBM DB2, Trend Anti-Virus, IBM RSA/HP rILO cards, etc - obviously if you have a remote exploit in your backup agent, database, ILO or AV, that's really bad news. In addition, look to see who does a better job with auditing things like Oracle, SQL server, Exchange, Domino, etc. When it comes down to it, you have to have a solid, highly comprehensive test plan, putting the scanners against systems in your environment with known vulnerabilities. Hope that helps. (Full Disclosure: I'm a Tenable Security Center customer and recently did about 3 months of testing on various enterprise VA products. But don't take my word on it - every environment is different and each VA product has coverage strengths and weaknesses - don't just go with Nessus because it's what you know best - that's not a smart approach. ) - Chris Merkel On Wed, Mar 10, 2010 at 1:57 PM, subzer0girl <subzer0girl at gmail.com> wrote:
I need a little help convincing the purchasing people that I need Nessus. They are suggesting McAfee Vulnerability Management is a viable alternative. I want to stick with Nessus since that is what I have experience with. I've googled for a comparison of the two products but haven't found anything of value. Does anyone have experience with how the two products compare ? Any help would be appreciated Sandy _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- - Chris Merkel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100310/a4bcbd42/attachment.htm
Current thread:
- Nessus vs McAfee Vulnerability Management subzer0girl (Mar 10)
- Nessus vs McAfee Vulnerability Management John Strand (Mar 10)
- Nessus vs McAfee Vulnerability Management Albert R. Campa (Mar 10)
- Nessus vs McAfee Vulnerability Management Chris Merkel (Mar 10)
- Nessus vs McAfee Vulnerability Management Ng Choon Kiat (Mar 10)
- Nessus vs McAfee Vulnerability Management John Strand (Mar 11)
- Nessus vs McAfee Vulnerability Management Ron Gula (Mar 11)
- Nessus vs McAfee Vulnerability Management Michael Dickey (Mar 11)
- Nessus vs McAfee Vulnerability Management John Strand (Mar 10)