Educause Security Discussion mailing list archives

Re: Vulnerability Management Product.


From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Tue, 31 Mar 2015 01:42:24 +0000

Hi Robert,

Both Qualys and Rapid7 (Nexpose) are mature and potentially effective products in the vulnerability management genre. 
Ultimately the success of your initiative will likely depend more on the remediation lifecycle process and buy-in from 
management/stakeholders (the carrot & stick) than which specific tool(s) you select. I would strongly recommend 
running a scoped pilot to inform steps toward a wider deployment. Qualys or Rapid7 (or other top vendor in this space) 
should be happy to accommodate a free test drive of their product, providing an invaluable opportunity to run it 
through the paces in your environment while measuring the responsiveness of their sales and support team.

This 2013 Gartner MarketScope for Vulnerability Assessment is a bit dated but provides a good entry point (not vouching 
for the satisnet.co.uk site, they just happen to have a copy of the report for linking): 
http://www.satisnet.co.uk/pdfs/Gartner-MarketScope-Vulnerability-Assessment-2013.pdf

I'd be happy to chat offline about our experiences, pitfalls, etc.

Best,
Alex 


Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu  
(650) 736-6421


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Olivarez
Sent: Monday, March 30, 2015 9:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Management Product.

 
Hi, is anyone using a Vulnerability Management tool? We are looking at the following products and were wondering if 
anyone had any input.
 
Qualys
Trustwave
NetIQ
Rapid 7
RSAM


Robert Olivarez
Technology Security Awareness Specialist
Technology Security Services, ITS
New York University
http://www.nyu.edu/its/security


