Penetration Testing mailing list archives

Re: Why eEye Retina (was MBSA scanner)


From: "clarke-cummings () columbus rr com" <clarke-cummings () columbus rr com>
Date: Fri, 23 Apr 2004 11:29:16 -0400

Thanks to everyone for the great feedback and discussion on my initial
question.  I appreciate all the feedback, and we've expanded our list of
candidates and are trying to get eEye to help us out.

I think I need to qualify my "not impressive" comment from my initial post.
I certainly think that eEye's research team and the quality of their team
is impressive.  I am not, however, impressed with their sales support for
our trial.  This causes serious doubts over how we would be treated as
customers.  So we have no complaints with the research and quality of people
there, just the sales and/or support response (they were going to email a
new version or license on Monday and we haven't seen it yet.)

It sounds like many others have had similar complaints, both with sales and
too many false positives.  I understand that false positives and negatives
are to be expected and the results need to be investigated.  But I'd like
to keep those numbers down, and there were significant differences between
scanners.  eEye hit the most false positives, which after investigation
turned out to be patched.

Thanks again,
Clarke

Original Message:
-----------------
From: Shawn Edwards shawn.edwards () nokia com
Date: Thu, 22 Apr 2004 09:17:08 +0000
To: mmurray () ncircle com, clarke-cummings () columbus rr com,
pen-test () securityfocus com
Subject: Re: Why eEye Retina (was MBSA scanner)


ext Mike Murray wrote:

I know for a fact that they have some very skilled persons
doing dev there. ... Just check some of their development
discoveries; that's gotta count for something!
   

While this is definitely an argument for the fact that a company has
very smart people working for it (which is definitely not in question in
eEye's case), I question the validity of the argument as far as the
evaluation of a network VA tool.   

Agreed. And maybe my formatting of the email was mistaken.  I was more so
coming to the defence of the company on the blanket statement of not
being 'impressive', but it was not meant as an exclusive criterion for
evaluation of their products.  My evaluation discussion (albeit brief
and somewhat thrown together) was more so on three previous points.

we'd all be
buying something that Dave Aitel wrote.
 

No doubt.

While it is often given as a reason that one tool is better than
another, it simply doesn't follow that an aptitude for discovering new
vulnerabilities in code is the same as an aptitude for discovering known
vulnerabilities in running services in the real world. 

And of course this is one of the strong points of nCircle's product (in 
my so far somewhat limited evaluation).  The statement I made on "Some 
may have better methodologies on enumeration" was with your methodology 
in mind. Of course I digress and won't bother touting one product over 
another as there are very many points of contention, and was hoping to 
keep my contribution to the conversation a little more 'high-level'.  
Thanks for the comments Mike!

br,

s

-- 
Office Website: http://linux.nokia.com/~shards
Personal Website:
http://%6A%6A%6A%2E%78%65%6C%63%67%30%74%33%33%78%2E%62%65%74


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
