PaulDotCom mailing list archives
Re: Small/Medium Business Scanner
From: Ron Gula <rgula () tenable com>
Date: Wed, 19 Jan 2011 10:12:29 -0500
I'd only add that the licensing cost of SecurityCenter is roughly $15k for 500 IPs you are getting vulnerabilities for. We sell a good bit of SecurityCenter to SMBs who have 100s of devices they want to schedule scans for, have multiple Nessus scanners, perform configuraiton audits, have a dashboard, run different types of users, .etc. Ron On 1/19/2011 8:50 AM, John Strand wrote:
You know I am biased. However, I have had nothing but good results from Nessus. Also, the reporting in the newest version is miles better then it was. For the cost, you cannot beat it. There has been a few people I have talked to recently that say that Nessus does not do DB, network device or application level checks. Some say, it only does OS checks. I do not quite know where this rumor started, but it is untrue. It does excellent checks on these devices. I am sure Paul or Ron know the specifics. *Summon Gula or Asadorian!* Finally, check out the credentialed scans. Rather than just checking for external vulnerabilities, you can also check client side software as well. HTH, John On Tue, Jan 18, 2011 at 10:59 AM, Butturini, Russell <Russell.Butturini () healthways com <mailto:Russell.Butturini () healthways com>> wrote: I'd just double check and make sure you understand the licensing options for Nexpose. There are some very affordable ones that don't' require buying big hardware and are optimized to run on notebook PCs. -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com <mailto:pauldotcom-bounces () mail pauldotcom com> [mailto:pauldotcom-bounces () mail pauldotcom com <mailto:pauldotcom-bounces () mail pauldotcom com>] On Behalf Of Zate Berg Sent: Tuesday, January 18, 2011 10:29 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Small/Medium Business Scanner I'd vote for Nessus in your situation too. Possibly combine it with something like Seccubus (V2 is due out soon). Zate On Tue, Jan 18, 2011 at 10:00 AM, Dark Harper <darkharper2 () gmail com <mailto:darkharper2 () gmail com>> wrote: > Hi all, > > This ones probably been around and around a dozen times but I'm after > some advice/recommendations on a vulnerability scanner for a small to > medium sized business. > > My short list is now down to two - Nessus or NeXpose. > > Our environment is spread across three sites, around 50 nodes in each. > The sites are not permanently linked. One of those sites is PCI DSS compliant. > I've been using OpenVAS but am not a fan. Access to remote scanners > is via SSH tunnels/small links. > > Cost is definitely a consideration as budget is tight this year. I'm > leaning towards Nessus as it is miles cheaper than NeXpose and > requires much lower spec hardware from what I can tell. Recent > Metasploit plugin is also a plus. Can anyone say why I would put up the extra cash for NeXpose? > > -Dark > > >
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Small/Medium Business Scanner Dark Harper (Jan 18)
- Re: Small/Medium Business Scanner Zate Berg (Jan 18)
- Re: Small/Medium Business Scanner Butturini, Russell (Jan 18)
- Re: Small/Medium Business Scanner John Strand (Jan 19)
- Re: Small/Medium Business Scanner Ron Gula (Jan 19)
- Re: Small/Medium Business Scanner Kevin Shaw (Jan 19)
- Re: Small/Medium Business Scanner Paul Asadoorian (Jan 19)
- Re: Small/Medium Business Scanner Dark Harper (Jan 26)
- Re: Small/Medium Business Scanner Butturini, Russell (Jan 18)
- Re: Small/Medium Business Scanner Zate Berg (Jan 18)