Educause Security Discussion mailing list archives
Re: Vulnerability Management tools
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 9 Dec 2015 11:40:16 -0500
Thank you for the responses so far, We have test-driven SecurityCenter, and are in the middle of a test-drive of Qualys' tools. I completely agree that the processes on our end are the most important, and we think we have a fairly good handle on those. The aspect that we are looking at is the gathering, and presentation of the information so that we know what we need to address, and so that we can correctly prioritize our responses. Craig and Mick, If you don't mind me asking, what were some of the deciding factors that helped you decide to go with Tenable over Qualys? we have been using Nessus Professional for just under a year (and gotten very good results), but we are looking to add in some of the trending, and the larger picture information that some of these other tools provide. Thank You Frank On Wed, Dec 9, 2015 at 10:58 AM, DiGrazia, Mick A <mick.digrazia () uconn edu> wrote:
Use use SecurityCenter and Nessus Cloud as well. We’ve been pleased with them. I find Tenable to be a reasonable company – they make solid products at a great price and provide good support. I would agree that the tool is less important than your overall process. Whatever tool you get is only going to provide you with information. It will be up to you to ‘manage’ the vulnerability situation Good luck Mick A. DiGrazia University of Connecticut Information Technology Services (860) 486-1336 mick.digrazia () uconn edu From: The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Edgmand, Craig" < craig.edgmand () OKSTATE EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, December 9, 2015 at 10:44 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Vulnerability Management tools Frank, The solution that you choose is not as important as the processes you have in place. The policies and the politics are the hard parts. You need to know your assets, have contacts, have timelines for fixing vulns, a way of prioritizing what gets fixed, etc… That said both Qualsys and Tenable are very good products, we just happen to use SecurityCenter and Nessus Cloud and are very happy with them. If you need more technical info about Tenable you can e-mail me offline. Thanks, Craig Edgmand Oklahoma State University *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Frank Barton *Sent:* Wednesday, December 09, 2015 8:54 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Vulnerability Management tools Good morning folks, We are looking at tools for vulnerability management, and have identified both Qualys and Tennable SecurityCenter as possibilities. I was wondering if there was anybody here that could speak to having used either (or others that we should look at), pros, cons, indifferents, etc. Thank You Frank -- Frank Barton ACMT IT Systems Administrator Husson University
-- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools David D Grisham (Dec 09)
- Re: Vulnerability Management tools Edgmand, Craig (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools Brad Judy (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools O'Callaghan, Daniel (Dec 09)