Re: Need Vulnerability Management Tool Review

[Metahuman <metahuman () gmail com>]

IMHO, QualysGuard is something you should really look at
http://www.qualys.com/ Never have I seen an intelligent tool as this
one.

- M.

My Security Blog @ http://www.pentestit.com/

On Thu, Oct 11, 2012 at 6:54 PM, Bryan <brakeb () gmail com> wrote:
> We use Critical Watch at our office.  During our last quarterly PCI
> scan (~3 weeks ago), the QSA used Rapid7's tool, Nexpose.  Between the
> two outputs, we found that approximately 36% of the scan results in
> Nexpose did not show up in our CW scan, and additional 24% showed up
> in our CW scan that did not show up in the Nexpose scan, and the
> reports agreed on the remainder.  This was with a total of around 300
> vulnerabilities.  We are not running credentialed scans, so the Apache
> and OpenSSL vulns found are largely false positives. We run RHEL5 and
> 6, so the scans appear to look at just the $version and not
> $version-$release, so 'httpd-2.2.3-63.el5_8.1.x86_64.rpm' is seen by
> CW and apparently Nexpose as '2.2.3'
>
> We are currently talking to CW about both the version issue and the
> fact they missed a ton of CVEs. We have also asked the QSA to talk to
> Rapid7 as well.
>
> This is just something to think about when getting one of these tools.
>  You may not be seeing the whole picture.
>
> On Thu, Oct 11, 2012 at 5:31 AM, neo anderson <amol.netsec () gmail com> wrote:
> > Shiva,
> >
> > Not sure if you have heard about CriticalWatch.
> > http://www.criticalwatch.com/solutions/vulnerability-management/
> >
> > Based on personal opinion, here are the ratings out of 5.
> >
> > •       Features   *** 1/2
> > •       Ease of Use ****
> > •       Performance ****
> > •       Documentation ***
> > •       Support *****
> > •       Value for Money *****
> > •       Effectiveness in finding Vulnerability Finding ***
> >
> > Cheers.
> >
> > On Wed, Oct 10, 2012 at 9:09 AM,  <shivaone () gmail com> wrote:
> > > Hi Team,
> > >
> > >      We are evaluating Vulnerability Management Tool,  I need your help review or rate these tool on the base of 
> > > below listed points or any, If you have any recommendation of tool its most except able
> > >
> > > Tool Are-NeXpose ,NESSUS, Retina,GFI LanGurd
> > > •       Features
> > > •       Ease of Use
> > > •       Performance
> > > •       Documentation
> > > •       Support
> > > •       Value for Money
> > > •       Effectiveness in finding Vulnerability Finding
> > >
> > > ------------------------------------------------------------------------
> > > Securing Apache Web Server with thawte Digital Certificate
> > > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > > certificates.
> > >
> > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > > ------------------------------------------------------------------------
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------