PaulDotCom mailing list archives
Re: Best ROI Combination - Metasploit & Training
From: "Albert R. Campa" <abcampa () gmail com>
Date: Tue, 11 Dec 2012 08:51:16 -0600
stand alone Nessus does integrate with Qradar. I really like Nessus as a scanner and also as you say, using audit files. SANS training like 560 or 542 are both good, offsec training is great as well. im interested to know why you dont like Nessus as a vulnerability scanner? On Mon, Dec 10, 2012 at 6:37 PM, Arch Angel <arch3angel () gmail com> wrote:
I would like to thank everyone for the advice and suggestions, it is truly appreciated and welcomed! I cannot go into detail as to the company or the status but I can say that in my region we are looking to build a ground up program and are under Visa, MasterCard, Discover, and ISO guidelines / requirements. We currently have Nessus, which till I walked in had not even been installed. As a matter of fact I asked which machine it was on, the reply was "Well we couldn't get it licensed because it would have required a firewall change and that's a hassle so we just never installed it". Needless to say it is installed and I'm working through the trials and tribulations of red tape to get it to do more for us than host discovery. That being said I absolutely love Nessus but not as a vulnerability scanner. I like it automating configuration checks, custom audit files, checking Active Directory items, etc.. I prefer NexPose for vulnerability and NexPose seamlessly integrates with Q1 Labs, QRadar SIEM, which I am not sure Nessus does. QRadar is coming down the pipe from corporate before too long. I also prefer to invest in good people rather than tools which, as mention above, have a tendency to sit in the virtual bookshelf collecting virtual dust if the people don't know how to use them. This may end up being answered based on $$$ over the 2013 calendar year. Unfortunately I was not part of the 2013 budget plans, so it may end up being nothing till 2014 :-( For example, I am in the process of building a wireless auditing program based on Kismet, and off the shelf hardware. This is actually working quite well so far during testing! -- Thank you, Robert Miller http://www.armoredpackets.com Twitter: @arch3angel ______________________________**_________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Best ROI Combination - Metasploit & Training Arch Angel (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Larry Pesce (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Michael Allen (Dec 08)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 12)
- Re: Best ROI Combination - Metasploit & Training Todd Haverkos (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Ron Gula (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)
- Re: Best ROI Combination - Metasploit & Training Ryker Exum (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 11)
- <Possible follow-ups>
- Re: Best ROI Combination - Metasploit & Training Ty Purcell (Dec 07)