Re: Vulnerability Management tools

[Frank Barton <bartonf () HUSSON EDU>]

Thank you for the responses so far, We have test-driven SecurityCenter, and
are in the middle of a test-drive of Qualys' tools.

I completely agree that the processes on our end are the most important,
and we think we have a fairly good handle on those. The aspect that we are
looking at is the gathering, and presentation of the information so that we
know what we need to address, and so that we can correctly prioritize our
responses.

Craig and Mick, If you don't mind me asking, what were some of the deciding
factors that helped you decide to go with Tenable over Qualys? we have been
using Nessus Professional for just under a year (and gotten very good
results), but we are looking to add in some of the trending, and the larger
picture information that some of these other tools provide.

Thank You
Frank

On Wed, Dec 9, 2015 at 10:58 AM, DiGrazia, Mick A <mick.digrazia () uconn edu>
wrote:

> Use use SecurityCenter and Nessus Cloud as well. We’ve been pleased with
> them. I find Tenable to be a reasonable company – they make solid products
> at a great price and provide good support.
>
> I would agree that the tool is less important than your overall process.
> Whatever tool you get is only going to provide you with information. It
> will be up to you to ‘manage’ the vulnerability situation
>
> Good luck
>
> Mick A. DiGrazia
> University of Connecticut
> Information Technology Services
> (860) 486-1336
> mick.digrazia () uconn edu
>
> From: The EDUCAUSE Security Constituent Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Edgmand, Craig" <
> craig.edgmand () OKSTATE EDU>
> Reply-To: The EDUCAUSE Security Constituent Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU>
> Date: Wednesday, December 9, 2015 at 10:44 AM
> To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: Re: [SECURITY] Vulnerability Management tools
>
> Frank,
>
>
>
>        The solution that you choose is not as important as the processes
> you have in place. The policies and the politics are the hard parts. You
> need to know your assets, have contacts, have timelines for fixing vulns, a
> way of prioritizing what gets fixed, etc…
>
>
>
>         That said both Qualsys and Tenable are very good products, we just
> happen to use SecurityCenter and Nessus Cloud and are very happy with them.
>
>
>
>        If you need more technical info about Tenable you can e-mail me
> offline.
>
>
>
> Thanks,
>
>
>
> Craig Edgmand
>
> Oklahoma State University
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Frank Barton
> *Sent:* Wednesday, December 09, 2015 8:54 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Vulnerability Management tools
>
>
>
> Good morning folks, We are looking at tools for vulnerability management,
> and have identified both Qualys and Tennable SecurityCenter as
> possibilities. I was wondering if there was anybody here that could speak
> to having used either (or others that we should look at), pros, cons,
> indifferents, etc.
>
>
>
> Thank You
>
> Frank
>
>
>
> --
>
> Frank Barton
>
> ACMT
>
> IT Systems Administrator
>
> Husson University


-- 
Frank Barton
ACMT
IT Systems Administrator
Husson University