Penetration Testing mailing list archives
Re: Qualys
From: Ivan Arce <ivan.arce () coresecurity com>
Date: Mon, 13 Feb 2006 17:23:31 -0300
That may have been a bit premature IMHO. The real question he should have asked is; well, how many hosts do you actually have in your class A network? And how many do you plan to have in the next few years? Maybe you do have more than 60k live hosts, maybe even more than 600k but I suspect you do not have anywhere near to 2^24 live hosts in your class A. Judging technical competence on the basis of such an open-ended question isn't fair and it goes both-ways: maybe the tech guy answered that because he assumed that you could not possibly have more than 60k hosts in your class-A environment and his answer was a pragmatic one related to the sale at hand not the correct one for a technical-evaluation of his networking knowledge. He took it for granted that you could/would not distinguish between the number of hosts in your own network and the number of hosts in a fully populated class-A. Anyway, I am not affiliated with nCircle in any capacity and have no vested interest in defending them or any other vendor. I just wanted to point out that usually there are subtleties that need to be more clearly defined in order to evaluate the technical merits of a given product/service. -ivan US Infosec wrote:
nCircle came to do a demonstration for my team once. I work in an enviornment that has a full routable class A. I asked the technical guy there if they had ever deployed their appliances in a Class A enviornment and he said sure we have supported clients with 60K hosts. That was the end of our consideration. gl On 2/6/06, Mark Teicher <mht3 () earthlink net> wrote:nCircle has been around for quite some time. They may no tbe classified as vulnerability scanner as Qualys is defined as, but they are in the same market segment. -----Original Message-----From: Michael Gargiullo <mgargiullo () pvtpt com> Sent: Feb 6, 2006 9:43 AM To: pen-test () securityfocus com Subject: RE: Qualys To be honest, I had never heard of nCircle before your post. Googling for "network security scanner", nCircle wasn't found within the first 20 pages. Granted, that search came up with well over 1.6 million hits. When I searched specifically for nCircle within those results, it only came up with 14,000 hits. Qualys came up with 71,500 hits. Eeye Retina scanner came up with 163,000. Nessus came up with 361,000 hits. Not that I can speak for them, but that's probably why it didn't show. Now, go through, and check pricing on those scanners (commercial support options). I will say for a corporation, the reporting options for nCircle look interesting. -Mike -----Original Message----- From: slebdawg () gmail com [mailto:slebdawg () gmail com] Sent: Saturday, February 04, 2006 12:26 PM To: pen-test () securityfocus com Subject: RE: Qualys I've worked in Info Security for one of North America's largest banks for over 8 years. Where is nCircle on this list? Based on your list of important criteria, we've found nCircle to not only fit the bill -- they've outperformed Qualys will allowing our organization to maintain control of our data. I can't tell you how many initiatives we've started because of the valuable information that we get from our IP360 implementation. In many of these cases, we found opportunities based on looking and thinking about the data in a very innovative way. If someone else were hosting our solution, we would never have the intelligence in-house to find innovative ways to use this data. Reading your article, it makes me wonder if you work for Qualys. I am truly boggled that you didn't include nCircle on your list ... even if they didn't turn out to be your vendor of choice, their absence makes me suspicious. ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------------------------------------------------------------------------------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------------------------------------------------------------------------------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
-- --- "Buy the ticket, take the ride" -HST Ivan Arce CTO CORE SECURITY TECHNOLOGIES http://www.coresecurity.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Qualys, (continued)
- Re: Qualys David M. Zendzian (Feb 07)
- Re: Qualys Byron Sonne (Feb 08)
- Re: Qualys Justin Ferguson (Feb 09)
- Re: Qualys Byron Sonne (Feb 09)
- Re: Qualys US Infosec (Feb 09)
- Re: Qualys Sugiowono (Feb 10)
- Message not available
- Re: Qualys Christoph Puppe (Feb 12)
- Re: Qualys Gail Thorpe (Feb 09)
- Re: Qualys Curt Purdy (Feb 09)
- Re: Qualys Ben Nelson (Feb 09)
- Re: Qualys Ivan Arce (Feb 13)
- Re: Qualys Amit (Feb 12)
- Re: Qualys Byron Sonne (Feb 11)