Penetration Testing mailing list archives
Vulnerability scanners
From: "joe na" <valarian () mail com>
Date: Fri, 28 Mar 2003 20:45:13 -0500
I am currently helping evaluate vulnerability scanners to deploy in a large enterprise. We looked at Qualys and Retina so far. Retina has the most mature Enterprise distribution model, however Qualys does have more signatures. That being said some of the Qualys' signatures seem trivial. I am not sure all of the signatures are truly vulnerabilities thus putting into question their claim of having more vulnerability checks. We also looked at Cenzic a cool flaw injection tool not a true vulnerability scanner. The folks from ISS coming out to demo their product next, so far Retina is the clear for-runner with there distributed scanning reporting and remediation model. One question that seems important is whether a Windows or UNIX based tool is better. Windows based tools seem better for reading the registry of Windows hosts. I think the scanner you should depend on your needs and the platforms you deploy in your enterprise. Later, Joe -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
Current thread:
- Re: Vulnerability scanners, (continued)
- Re: Vulnerability scanners Paris Stone (Mar 27)
- RE: Vulnerability scanners Michael Welch (Mar 27)
- RE: Vulnerability scanners Derrick Johnson (Mar 28)
- Re: Vulnerability scanners Roman Medina (Mar 28)
- RE: Vulnerability scanners David Nester (Mar 28)
- RE: Vulnerability scanners Michael Welch (Mar 27)
- Re: Vulnerability scanners Paris Stone (Mar 27)