Re: Small/Medium Business Scanner

[Ron Gula <rgula () tenable com>]

I'd only add that the licensing cost of SecurityCenter is roughly $15k
for 500 IPs you are getting vulnerabilities for. We sell a good bit of
SecurityCenter to SMBs who have 100s of devices they want to schedule
scans for, have multiple Nessus scanners, perform configuraiton audits,
have a dashboard, run different types of users, .etc.

Ron

On 1/19/2011 8:50 AM, John Strand wrote:
> You know I am biased.
>
> However, I have had nothing but good results from Nessus.
>
> Also, the reporting in the newest version is miles better then it was.
>
> For the cost, you cannot beat it.
>
> There has been a few people I have talked to recently that say that
> Nessus does not do DB, network device or application level checks. Some
> say, it only does OS checks.  I do not quite know where this rumor
> started, but it is untrue.   It does excellent checks on these devices.
>
> I am sure Paul or Ron know the specifics.
>
> *Summon Gula or Asadorian!*
>
> Finally, check out the credentialed scans. Rather than just checking for
> external vulnerabilities, you can also check client side software as well.
>
> HTH,
>
> John
>
>
>
> On Tue, Jan 18, 2011 at 10:59 AM, Butturini, Russell
> <Russell.Butturini () healthways com
> <mailto:Russell.Butturini () healthways com>> wrote:
>
>     I'd just double check and make sure you understand the licensing
>     options for Nexpose.  There are some very affordable ones that
>     don't' require buying big hardware and are optimized to run on
>     notebook PCs.
>
>     -----Original Message-----
>     From: pauldotcom-bounces () mail pauldotcom com
>     <mailto:pauldotcom-bounces () mail pauldotcom com>
>     [mailto:pauldotcom-bounces () mail pauldotcom com
>     <mailto:pauldotcom-bounces () mail pauldotcom com>] On Behalf Of Zate Berg
>     Sent: Tuesday, January 18, 2011 10:29 AM
>     To: PaulDotCom Security Weekly Mailing List
>     Subject: Re: [Pauldotcom] Small/Medium Business Scanner
>
>     I'd vote for Nessus in your situation too.  Possibly combine it with
>     something like Seccubus (V2 is due out soon).
>
>     Zate
>
>
>
>     On Tue, Jan 18, 2011 at 10:00 AM, Dark Harper <darkharper2 () gmail com
>     <mailto:darkharper2 () gmail com>> wrote:
>     > Hi all,
>     >
>     > This ones probably been around and around a dozen times but I'm after
>     > some advice/recommendations on a vulnerability scanner for a small to
>     > medium sized business.
>     >
>     > My short list is now down to two - Nessus or NeXpose.
>     >
>     > Our environment is spread across three sites, around 50 nodes in
>     each. 
>     > The sites are not permanently linked.  One of those sites is PCI
>     DSS compliant.
>     > I've been using OpenVAS but am not a fan.  Access to remote scanners
>     > is via SSH tunnels/small links.
>     >
>     > Cost is definitely a consideration as budget is tight this year.  I'm
>     > leaning towards Nessus as it is miles cheaper than NeXpose and
>     > requires much lower spec hardware from what I can tell. Recent
>     > Metasploit plugin is also a plus. Can anyone say why I would put
>     up the extra cash for NeXpose?
>     >
>     > -Dark
>     >
>     >
>     >




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com