Nessus vs McAfee Vulnerability Management

[strandjs at gmail.com (John Strand)]

But isn't that the point?

Get a eval/trial of both.  Put them through their paces.   Go with the one
that works the best.

If a vendor does not believe in that process, go with a different vendor.

john

On Wed, Mar 10, 2010 at 10:32 PM, Chris Merkel <cmerkel at gmail.com> wrote:

> Keep in mind that if you want to compare apples to apples, it should be
> Tenable Security Center vs. McAffee, assuming that you're in a large
> environment. Remediation workflow is important. If you're just a small group
> doing one-off scans, Nessus is ok.
>
> My recommendation, in addition to credentialed scans, is to look at
> "non-core" products, and see which one does a better job at detecting
> vulnerabilities - odds are that they're both going to detect missing patches
> to Windows and Linux distros.
>
> When I was doing an eval (didn't test McAffee) - I found that some other
> "magic quadrant" scanners couldn't find CVSS 10 vulnerabilities in things
> like vSphere, Tivoli products, IBM DB2, Trend Anti-Virus, IBM RSA/HP rILO
> cards, etc - obviously if you have a remote exploit in your backup agent,
> database, ILO or AV, that's really bad news.
>
> In addition, look to see who does a better job with auditing things like
> Oracle, SQL server, Exchange, Domino, etc.
>
> When it comes down to it, you have to have a solid, highly comprehensive
> test plan, putting the scanners against systems in your environment with
> known vulnerabilities.
>
> Hope that helps.
>
> (Full Disclosure: I'm a Tenable Security Center customer and recently did
> about 3 months of testing on various enterprise VA products. But don't take
> my word on it - every environment is different and each VA product has
> coverage strengths and weaknesses - don't just go with Nessus because it's
> what you know best - that's not a smart approach. )
>
> - Chris Merkel
>
> On Wed, Mar 10, 2010 at 1:57 PM, subzer0girl <subzer0girl at gmail.com>wrote:
>
> > I need a little help convincing the purchasing people that I need Nessus.
> > They are suggesting McAfee Vulnerability Management is a viable
> > alternative.  I want to stick with Nessus since that is what I have
> > experience with.  I've googled for a comparison of the two products but
> > haven't found anything of value. Does anyone have experience with how the
> > two products compare ?
> >
> > Any help would be appreciated
> >
> > Sandy
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> - Chris Merkel
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100311/e0cf0d3f/attachment.htm