PaulDotCom mailing list archives
Re: vulnerability scanners
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 31 Aug 2010 13:11:55 -0500
Definitely put Nessus at the top of your list, largely due to their long history. And everyone should have, at the least, passing familiarity with it. I second and third everyone who says to be sure and try it out for a while.

Vulnerability scanners that fairly accurately scan are the easy part. The hidden "cost" of owning these scanners is the ongoing tuning and cleaning of the reports/findings. Can you mark things permanently ignored/accepted so you don't have to manage that same false positive every month? Or do you have to jeopardize the integrity of your scanning by turning off targets/checks? Can you group assets? Can you use a mini-ticketing system inside the tool to remediate findings (and track them)? Can you live with the reports, or do they spit out 1,500-page reports that no one can manage? Do they throw you Crystal Reports or other DIY/"customizable" reports that take you 6 months to effectively learn how to use? And so on...

I'd suggest setting up a multi-system test lab with known vulns, run a scan with all checks turned on, fix some of the vulns, run another scan, and see how you can live with the results. You could compare whatever you choose against other options like McAfee Foundstone (stupidly rebranded as the amazingly original and easily searchable "Vulnerability Manager") or TrustWave's offerings.

If you're selling the idea of investment into a vuln scanner, don't forget about the operational cost of maintaining the targets list and managing the results! I've really never seen a clean vulnerability scan of a system (particularly Windows) that didn't have significant analyst investment to keep it clean and explain away the false positives or accepted issues.

On Tue, Aug 31, 2010 at 11:02 AM, Andrew Anderson <andycapp92 () gmail com> wrote:
So I'm looking to justify the purchase of a vulnerability scanning product and am looking for some objective opinions. I am partial to Nessus, due in part to the fact that I have used it before and its price is really attractive. I am looking at Core as well - trying to figure out which one of their product lines lines up best with the Nessus Professional feed (for comparisons). Can anyone point me to a decent third-party comparison online? Does anyone have any suggestions for a third contender for my list?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
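The reply above recommends scanning a lab twice (before and after fixing some findings) and warns that the real cost is tracking accepted findings month after month without turning checks off. The script below is an added example written for this archive page, not code from the post or from any scanner vendor: it diffs two scan exports into fixed / new / persistent findings and suppresses accepted ones by a (host, plugin ID, port) key with an expiry date, so an exception is revisited instead of living forever. The XML shape follows the .nessus v2 export layout (ReportHost / ReportItem elements with pluginID, port, protocol and severity attributes); the two documents, hosts, plugin IDs and names are constructed for the demo and are not real scan output.

```python
"""Diff two scan exports and apply an expiring accepted-risk list.

Added example for this mailing list page; not from the original post.
The element/attribute names follow the .nessus v2 export format; the
documents below are constructed sample data, not real scanner output.
"""
import xml.etree.ElementTree as ET
from datetime import date

# Constructed "before remediation" export: two lab hosts, four findings.
SCAN_BEFORE = """<NessusClientData_v2><Report name="lab-before">
<ReportHost name="10.0.0.5">
  <ReportItem port="445" protocol="tcp" severity="4" pluginID="1001" pluginName="Constructed SMB finding"/>
  <ReportItem port="3389" protocol="tcp" severity="2" pluginID="1002" pluginName="Constructed RDP finding"/>
  <ReportItem port="0" protocol="tcp" severity="1" pluginID="1003" pluginName="Constructed ICMP finding"/>
</ReportHost>
<ReportHost name="10.0.0.6">
  <ReportItem port="80" protocol="tcp" severity="3" pluginID="1004" pluginName="Constructed web finding"/>
</ReportHost>
</Report></NessusClientData_v2>"""

# Constructed "after remediation" export: 1001 fixed on .5, a new 1005 on .6.
SCAN_AFTER = """<NessusClientData_v2><Report name="lab-after">
<ReportHost name="10.0.0.5">
  <ReportItem port="3389" protocol="tcp" severity="2" pluginID="1002" pluginName="Constructed RDP finding"/>
  <ReportItem port="0" protocol="tcp" severity="1" pluginID="1003" pluginName="Constructed ICMP finding"/>
</ReportHost>
<ReportHost name="10.0.0.6">
  <ReportItem port="80" protocol="tcp" severity="3" pluginID="1004" pluginName="Constructed web finding"/>
  <ReportItem port="22" protocol="tcp" severity="2" pluginID="1005" pluginName="Constructed SSH finding"/>
</ReportHost>
</Report></NessusClientData_v2>"""

# Accepted findings keyed by (host, pluginID, "port/protocol"). Each entry
# carries a reason and an expiry so the exception is re-reviewed, rather
# than the check being disabled scanner-wide. Hypothetical entry.
ACCEPTED = {
    ("10.0.0.5", "1003", "0/tcp"): {
        "reason": "lab segment; ICMP timestamp disclosure accepted by owner",
        "expires": date(2011, 3, 1),
    },
}


def parse_scan(xml_text):
    """Return {(host, pluginID, port/proto): {severity, name}} for one export."""
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("ReportHost"):
        hostname = host.get("name")
        for item in host.iter("ReportItem"):
            key = (hostname, item.get("pluginID"),
                   f"{item.get('port')}/{item.get('protocol')}")
            findings[key] = {"severity": int(item.get("severity")),
                             "name": item.get("pluginName")}
    return findings


def diff_scans(before_xml, after_xml, accepted, today):
    """Classify the second scan relative to the first.

    fixed:      present before, gone now
    new:        appeared now and not accepted
    persistent: present in both and not accepted
    suppressed: present now but covered by a still-valid acceptance
    An acceptance whose expiry has passed no longer suppresses anything.
    """
    before = parse_scan(before_xml)
    after = parse_scan(after_xml)

    def is_accepted(key):
        entry = accepted.get(key)
        return entry is not None and today <= entry["expires"]

    return {
        "fixed": sorted(k for k in before if k not in after),
        "new": sorted(k for k in after if k not in before and not is_accepted(k)),
        "persistent": sorted(k for k in after if k in before and not is_accepted(k)),
        "suppressed": sorted(k for k in after if is_accepted(k)),
    }


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER, ACCEPTED, date(2010, 9, 30))
    for bucket, keys in result.items():
        print(f"{bucket:>10}: {len(keys)}")
        for host, plugin, port in keys:
            print(f"            {host} plugin {plugin} on {port}")
```

Run it as-is to see the one fixed finding, one new finding, two persistent findings and one suppressed acceptance; rerun with a date after 2011-03-01 and the ICMP finding drops back into the persistent bucket, which is the behaviour you want from an exception list rather than a disabled plugin.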