Penetration Testing mailing list archives
SV: Why eEye Retina (was MBSA scanner)
From: "Niklas Blomquist" <nb () ipro se>
Date: Fri, 7 May 2004 11:06:33 +0200
Why do you thing that CA VM not is a good product? Do you know any other product that can do the same thing? I do not looking for a vulnerability scanner. I need a product like the CA VM. /N -----Ursprungligt meddelande----- Från: Steve Goldsby (ICS) [mailto:sgoldsby () networkarmor com] Skickat: den 26 april 2004 18:02 Till: Steve Goldsby (ICS); Rainer Duffner; Doty, Stephen (BearingPoint) Kopia: pen-test () securityfocus com Ämne: RE: Why eEye Retina (was MBSA scanner) CA's eTrust Vulnerability Manager is not a good product. We had a hard-sell demo in our office, and we were not impressed. Typical CA sales tactic, you can demo the box, but only for a week, and only if their engineer babysits it the whole time. It DOES however, enforce strong policy definition and management, which is where most organizations fall down. If you don't have policy, this box has less use. <get on high horse> Most organizations (in my experience) simply buy a vulnerability scanner, run it periodically, and patch what it tells them to patch. When a patch/fix breaks an application, they back it out. There is usually very little regard to what other security controls are in place to mitigate the risk. Basically, you're playing catchup all the time. Chase the patch, chase the vulnerability. </get on high horse> As an aside: to get around the "chase the patch" mess, look at Cisco Security Agent (formerly Okena). We run this on all our assets, and we are running the same binaries and same policy that we loaded **9 months ago** and we have not had a "hack" yet. No updates, no patches, no policy changes. We have clients that litteral have a 4 hour maintenance window each *quarter* and they cannot patch their boxes as patches become available. Okena/CSA gets around this problem beautifully. And, it plain works. This is what personal firewalls should have been doing all along. Steve Goldsby www.networkarmor.com -----Original Message----- From: Rainer Duffner [mailto:rainer () ultra-secure de] Sent: Friday, April 23, 2004 5:50 PM To: Doty, Stephen (BearingPoint) Cc: pen-test () securityfocus com Subject: Re: Why eEye Retina (was MBSA scanner) Doty, Stephen (BearingPoint) wrote:
How does something like CA's eTrust Vulnerability Manager product
compare -
so that continual scanning is not required using ISS, Nessus, Retina,
etc ?
How does this thing work then ? I mean, NeVO uses passive scanning, and Nessus-scanning, but this "thing" ? Oh, I see: "Q: How does eTrust Vulnerability Manager detect vulnerabilities? " "A: eTrust Vulnerability Manager uses non-intrusive methods to detect vulnerabilities on an asset through a two-step process. Step one is the identification of technologies running on an asset. This may be accomplished through manual input or automatically by eTrust" Vulnerability Manager Service, which identifies the version, patch and hot fix level of technologies running on an asset. This information is then correlated with CA s security database to identify the vulnerabilities that apply to the asset." Can anyone, who runs this, comment on wether this leads to lots of false positives/false negatives ? Does it need an agent ? And, to be honest, I can't stand "appliances" with specs like that: "eTrust Vulnerability Manager is an appliance-based solution that runs on Windows 2000 Server Platform and can be accessed by Internet Explorer 5.0 and higher. " A 'security-appliance' with the most bug-ridden, most-exploited OS on the planet, to be used with the most bug-ridden, most-exploited application running on top of it ? And: "In addition, eTrust Vulnerability Manager Service supports: " IBM AIX " HP-UX " Red Hat Linux " Sun Solaris " Windows NT/2000/XP/Server 2003" Does that mean it only detects vulnerabilities on those OSs ? What about all the other stuff that floats around ? The printer that runs some form of embedded Linux with a vulnerable Apache ? Rainer ------------------------------------------------------------------------ ------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- SV: Why eEye Retina (was MBSA scanner) Niklas Blomquist (May 07)