Re: Vulnerability assessment with remediation tool

[Todd Haverkos <infosec () haverkos com>]

joshi.komban () caridianbct com writes:

> Anyone has any good suggession on the tools that is availbale in the
> market in the areas of Vulnerability assessement + remediation in
> single product? 

Joshi, 

While not what a pentester would consider a vulnerability assessment
tool, I sense you are seeking something that will tell you that you have
vulnerabilities on an endpoint (be they missing patches on OS and
commonly used third party products, or via an unwise configuation
choice) and will then automagically push those patches and make the
config tweaks to match your policies on an affected machine.  Is that
accurate?

If so, look into BigFix.  Specifically their patch and vulnerability
management products.  They were quite recently purchased by IBM and
hopefully not to be eviscerated.

http://www.bigfix.com/content/security-configuration-and-vulnerability-management 


Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------