PaulDotCom mailing list archives

Re: Enterprise Scan Solution

From: Ron Gula <rgula () tenable com>
Date: Mon, 06 Dec 2010 08:43:46 -0500

On Fri, Dec 3, 2010 at 5:12 AM, Nils <nils () hemmann de
<mailto:nils () hemmann de>> wrote:

    Hey,
    as the IT Security Admin for our company (1000+ IPs) I need to
    investigate in an internal scan solution which should include:
    vulnerability management (with and without credentials), web application
    assessment, report correlation, policy compliance scanning ....
    To speed up things a minimal setup time would be a plus, too.

    This is what I´ve looked into so far:
    * Nessus with Seccubus   ( Cheers Paul :-)  )
    * I`m looking at a Qualys appliance on my desk at this very moment

    What else are you guys using and what was your decision based on?

    Thanks,
    Nils


Hi there,

A Tenable SecurityCenter license for 1000 IPs is roughly $25K/US.
SecurityCenter installs as a single rpm and Nessus is also installed as
a single rpm. You can run them on the same system or put Nessus or other
Nessus scanners on other systems and manage them from the SecurityCenter
at no additional cost.

SecurityCenter will manage your scan credentials, control your Nessus
web app scans, do all sorts of reporting (age of vuln, by asset, by IP,
dynamic trending, dynamic asset classification, separate data-stores for
types of audit, .etc), has all sorts of policy audit policies. One thing
you didn't ask, is that SecurityCenter has all sorts of role-based
access, so you can give your CEO scan data and results without giving
him the ability to run scans.

If you don't want to mess around with Linux and RPMs, you can get all of
this pre-loaded on a VM image we distribute as well, or buy one of our
appliances with the image on it.

If you want to watch a quick dont-need-an-email-to-watch video, check
them out here:

http://www.nessus.org/demos/

-- 
Ron Gula, CEO
Tenable Network Security
http://www.tenable.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Better RegEX to find IPs Grymoire (Dec 01)
- Re: Better RegEX to find IPs Adrian Crenshaw (Dec 01)
  - Re: Better RegEX to find IPs Adrian Crenshaw (Dec 01)
    - Re: Better RegEX to find IPs Grymoire (Dec 02)
    - Re: Better RegEX to find IPs Adrian Crenshaw (Dec 02)
    - Enterprise Scan Solution Nils (Dec 03)
    - Re: Enterprise Scan Solution Dan McGinn-Combs (Dec 03)
    - Re: Enterprise Scan Solution Ron Gula (Dec 06)
    - Message not available
    - Re: Enterprise Scan Solution Alex Manchester (Dec 06)
    - Re: Enterprise Scan Solution Butturini, Russell (Dec 06)
    - Re: Better RegEX to find IPs Grymoire (Dec 03)
    - Re: Better RegEX to find IPs Adrian Crenshaw (Dec 03)