PaulDotCom mailing list archives
Nessus vs McAfee Vulnerability Management
From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 11 Mar 2010 07:52:53 -0500
On 3/10/2010 2:57 PM, subzer0girl wrote:
I need a little help convincing the purchasing people that I need Nessus. They are suggesting McAfee Vulnerability Management is a viable alternative. I want to stick with Nessus since that is what I have experience with. I've googled for a comparison of the two products but haven't found anything of value. Does anyone have experience with how the two products compare?

Any help would be appreciated.

Sandy

Hi Sandy,

Comparing Nessus to FoundScan as a scanner, please consider:

- When you look at total number of CVEs covered, Nessus has more. We publish our counts here:
  http://www.nessus.org/plugins/index.php?view=all
  Don't use total unique checks as a measure as it is very deceptive.
- Tenable has added very cool features for enterprise auditing such as netstat side port scanning, the ability to support remote registry enable/disable during the scan and su/sudo support for Unix. I do not think these are in FoundScan, but would love to hear from users.
- Tenable has put a lot of effort into the quality and thoroughness of Nessus's web app tests. I have not seen these types of checks or settings available in FoundScan.

For an enterprise though, a more accurate comparison would indeed be using Security Center vs. FoundScan.

- There is no cost for additional Nessus scanners, whereas with FoundStone, you need to buy each scanner.
- Security Center includes certification checks for CIS, FDCC, PCI, DISA STIG and lots more. FoundScan has some of that, but McAfee actually has a separate product focused on config testing.
- Most of Tenable's success in the enterprise space has been with Security Center 3. We are about to ship Security Center 4 which has some very cool features I've not seen in any vuln scan solution such as being able to graph patches installation events against measured vulns, or displaying per-asset trends of vulnerability ages. If you are interested, you can read about it here:
  http://www.nessus.org/u?8d097d41

Lastly, I'll make one pitch for our Passive Vulnerability Scanner. At RSA, I asked a lot of folks who stopped by our booth how often they scan their network and often got answers of weekly or monthly uncredentialed scans. With the PVS, vulnerability discovery is realtime AND you get client side vulnerabilities.

If you have further questions, please contact me offlist.

--
Ron Gula, CEO
Tenable Network Security