Dailydave mailing list archives

Re: VA Vendor Tip?

From: mOses <trklisted () networksamurai org>
Date: Thu, 07 Jun 2007 10:57:31 -0400

I used did a VA analysis for a large company (38,000 nodes). I think the
following are excellent products to look at.

Retina/REM (the ability to support 'dod' type environments by being able
to meet a 4 hour release cycle is important. Vulnerablity research is
pretty good at the company which is always a bonus, weather it meets up
to par with everyone....you can't please everyone right?)

Nexpose (runs on linux and windows, also can do some metasploit type
work and also some spi dynamics type xss stuff.... if you really need to
do that however purchase core/canvas or spi dynamics...though right?)

QualysGuard (an asp model... has its advantages such as everyone feeds
back data to one central point...like fingerprinting info...)

just my 2cents..

mOses
networksamurai.org

The Sun wrote:

I have used Retina, Internet Scanner, GFI LNSS, and Nessus. Recently I
evaluated QualysGuard and would recommend it over all the others.
I have heard that nCircle has a good VA product too.
 
The reporting is excellent. Plus the updates are very quick.
 

    ----- Original Message -----
    *From:* Jeff Moore <mailto:cisoguy () gmail com>
    *To:* dailydave () lists immunitysec com
    <mailto:dailydave () lists immunitysec com>
    *Cc:* full-disclosure () lists grok co uk
    <mailto:full-disclosure () lists grok co uk> ;
    Higgins () DarkReading com <mailto:Higgins () DarkReading com>
    *Sent:* Tuesday, June 05, 2007 9:14 PM
    *Subject:* [Dailydave] VA Vendor Tip?

    Does anyone on the list have a good recommendation for a VA
    software vendor?  I am currently an eEye Retina customer but need
    to find a better solution with an actual development team in place
    to support that solution.  Is Tenable a good choice?
     
     
    http://www.darkreading.com/document.asp?doc_id=125486&WT.svl=news1_4
    <http://www.darkreading.com/document.asp?doc_id=125486&WT.svl=news1_4>
     
    "Preview represents the third "pillar" of eEye's business, says
    Marc Maiffret, CTO and chief hacking officer for eEye, joining its
    flagship Retina Network Scanner and Blink endpoint security
    software. eEye made a name for itself after discovering, and
    naming, the infamous CodeRed worm in 2001. "
     
    Third pillar?  The other two pillars are crumbling so they set up
    a third one to prop up what is left.  As a Retina customer I am
    very dissatisfied to see that eEye just fired the entire team
    responsible for Retina including guys like Ryan Permeh.  They also
    cut their QA team which will make bad products even worse.  Their
    engineering staff is down to three or four guys and they want to
    jump in the professional services game?
     
    What research team are you trying to sell?  The only
    researcher you have left is this guy -
    http://datarescue.com/idabase/hallofshame.html and of course chief
    hacking officer who has never discovered a bug. 
     
    "eEye made a name for itself after discovering, and naming, the
    infamous CodeRed worm in 2001. "
     
    It is now 2007.  What have you done lately eEye?  I don't think
    anyone cares that you "discovered" a 6 year old worm.  Your
    customers want stability and a future not a scheme (preview) for
    your VC to grab some extra cash before they turn out the lights.
     
    So while you are chasing 50K from those who are still impressed by
    CodeRed and stolen copies of IDA your core customers, those who
    you have abandoned like you did the engineers responsible for
    those products will take their money to other more stable vendors
    that offer some sort of stability.
     
    Maybe is time to throw in the towel.  If Retina is the flagship
    then that ship has sailed into some rocks and sunk.
     
    -J

    ------------------------------------------------------------------------
    _______________________________________________
    Dailydave mailing list
    Dailydave () lists immunitysec com
    http://lists.immunitysec.com/mailman/listinfo/dailydave

------------------------------------------------------------------------

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

VA Vendor Tip? Jeff Moore (Jun 05)
- Re: VA Vendor Tip? The Sun (Jun 06)
  - Re: VA Vendor Tip? mOses (Jun 07)
    - Re: VA Vendor Tip? Harrison, Daniel (Jun 07)
    - Re: VA Vendor Tip? Jeff Moore (Jun 07)