Educause Security Discussion mailing list archives
Re: Vulnerability Management tools
From: "DiGrazia, Mick A" <mick.digrazia () UCONN EDU>
Date: Wed, 9 Dec 2015 18:07:17 +0000
For us, the decision came down to cost (initial plus maintenance), authentication integration (LDAP/CAS), the ability to do RBAC, and PCI compliance requirements. We were satisfied with auth and RBAC of almost everything we looked at. Cost became a big factor, and we liked Tenable's ability to do PCI compliance without the need for a dedicated QSV, in a manner we can control (the Nessus Cloud service). HTH Mick A. DiGrazia University of Connecticut Information Technology Services (860) 486-1336 mick.digrazia () uconn edu<mailto:mick.digrazia () uconn edu> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Frank Barton <bartonf () HUSSON EDU<mailto:bartonf () HUSSON EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, December 9, 2015 at 11:40 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] Vulnerability Management tools Thank you for the responses so far, We have test-driven SecurityCenter, and are in the middle of a test-drive of Qualys' tools. I completely agree that the processes on our end are the most important, and we think we have a fairly good handle on those. The aspect that we are looking at is the gathering, and presentation of the information so that we know what we need to address, and so that we can correctly prioritize our responses. Craig and Mick, If you don't mind me asking, what were some of the deciding factors that helped you decide to go with Tenable over Qualys? we have been using Nessus Professional for just under a year (and gotten very good results), but we are looking to add in some of the trending, and the larger picture information that some of these other tools provide. Thank You Frank On Wed, Dec 9, 2015 at 10:58 AM, DiGrazia, Mick A <mick.digrazia () uconn edu<mailto:mick.digrazia () uconn edu>> wrote: Use use SecurityCenter and Nessus Cloud as well. We’ve been pleased with them. I find Tenable to be a reasonable company – they make solid products at a great price and provide good support. I would agree that the tool is less important than your overall process. Whatever tool you get is only going to provide you with information. It will be up to you to ‘manage’ the vulnerability situation Good luck Mick A. DiGrazia University of Connecticut Information Technology Services (860) 486-1336<tel:%28860%29%20486-1336> mick.digrazia () uconn edu<mailto:mick.digrazia () uconn edu> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of "Edgmand, Craig" <craig.edgmand () OKSTATE EDU<mailto:craig.edgmand () OKSTATE EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, December 9, 2015 at 10:44 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] Vulnerability Management tools Frank, The solution that you choose is not as important as the processes you have in place. The policies and the politics are the hard parts. You need to know your assets, have contacts, have timelines for fixing vulns, a way of prioritizing what gets fixed, etc… That said both Qualsys and Tenable are very good products, we just happen to use SecurityCenter and Nessus Cloud and are very happy with them. If you need more technical info about Tenable you can e-mail me offline. Thanks, Craig Edgmand Oklahoma State University From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank Barton Sent: Wednesday, December 09, 2015 8:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Vulnerability Management tools Good morning folks, We are looking at tools for vulnerability management, and have identified both Qualys and Tennable SecurityCenter as possibilities. I was wondering if there was anybody here that could speak to having used either (or others that we should look at), pros, cons, indifferents, etc. Thank You Frank -- Frank Barton ACMT IT Systems Administrator Husson University -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools David D Grisham (Dec 09)
- Re: Vulnerability Management tools Edgmand, Craig (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools Brad Judy (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools O'Callaghan, Daniel (Dec 09)