PaulDotCom mailing list archives
Re: Best ROI Combination - Metasploit & Training
From: Ron Gula <rgula () tenable com>
Date: Fri, 14 Dec 2012 11:54:50 +0000
Hi there, We have several customers that use SecurityCenter and Q1. For customers that want to import vuln data into Q1 from Tenable solutions, that's fine. For customers who want SecurityCenter functionality (running scans from different scanners, realtime alerting on a new vuln, managed credential scanning of an R5 system, .etc) I would not say the integration gets you there. I also appreciate the conversations about the various products. If anyone wants to see a short technical video on Nessus & SecurityCenter, there is a video here: http://www.youtube.com/watch?v=e8-om74Stjo&feature=youtu.be Ron On Dec 13, 2012, at 7:42 PM, Arch Angel wrote:
I have on my calendar to contact tenable regarding the other software in hopes to fill this gap, and has been for a few days. I'm looking to work on a whole new direction with the infrastructure design after some consideration. I believe that if the design is tweaked a bit I will not only get a super easy growth potential but also a much more cost effective solution. This solution may not be in the favor of NexPose, but may work well with Security Center/Nessus or nCircle. The requirement for Q1 Labs, QRadar product is because the global headquarters has already made steps to purchase this solution and negotiated global pricing, which honestly is fine with me. They would not have been my first choice, but in that same breath are not a bad solution. In the "Supported Products" document Nessus is not a supported Vulnerability Management solution, but Tenable Security Center is supported. I believe they are doing this by feeding Security Center the Nessus data and then pulling this data from Security Center into QRadar. So ultimately it is supported and is not an issue as of now. I just needed to be cautious of this as a minor mistake now could potentially turn into a very costly and timely mistake by the end of 2013. One thing that has been bothering me for the last few days has been the way NexPose handled credential scanning of *nix* systems. I do not feel a warm and fuzzy in my tummy about root being used like this. Not saying good or bad from a security stand point we all know allowing root direct login is well..... "less than ideal", but more so the maturity of a product which still has such a feature. Again it boils down to a warm and fuzzy, and I'm just not feeling that one. I am on absolutely no timeline to complete this! I have no intentions of rushing into a solution just because the "end of year sales price is expiring", this tactic actually tends to push me away. Whether that is corporate environment or my personal collection of pauldotcom bobble head dolls :-) I'm just not a person who runs for the discount, the discount may not always be a true cost reduction over the long haul. I mean seriously, my Larry Bobble Head broke 30 minutes after opening it. Although I was trying to find the RFID tag, but I digress.. I appreciate the feedback, it's really good to bounce ideas off others in the community and get the good/bad of others experiences with products. P.s. There never was any Pauldotcom booble head dolls for the trolls who are already emailing Paul asking how to get them. However, there is pictures of Larry being "searched" for the RFID tag by TSA. Open Google and do an image search for Larry's alias "John Strand" and it will show still shows of where he placed the RFID tag. -- Thank you, Robert Miller http://www.armoredpackets.com Twitter: @arch3angel On 12/13/12 2:23 PM, Todd Haverkos wrote:Arch Angel <arch3angel () gmail com> writes:Honestly Albert, I can't say that I have a legitment "reason" per say. I have found, in my experience, to get the full benefit of Nessus you really need Security Center and the other products, but in general that's not a real reason, just a personal opinion. I have just seen NexPose as a better product over all, in look, feel, and acurancy. However, again this is just my opinion I really don't have a reason outside personal preference I guess. I'm not opposed to diving deeper into Nessus and learning the advanatges or capabilities though.Robert, I would encourage shooting out Nexpose and Security Center side by side with an evaluation that gets sales engineers involved and get a quote early on for what you need. It's a fair point that Nexpose does more for an enterprise than Nessus alone does. Nessus is definitely a vulnerability scanner, but it it not alone an enterprise-centric vulnerability management and reporting system. Security Center fills that role, as you hint. Nexpose and Security Center side by side is the apples to apples comparison. Cost as of 2 years ago was within the same ballpark and was sized per IP's. If you need or want additional scan zones/scanners for a segmented network, one vendor hits you additional for those, another vendor doesn't. Get SE's from both companies involved. Pay attention to memory needed and how fast similar breadth and depth scans come back, if virtualization is important to you, see how each performs in that environment. Test the support channels. Weigh which evil (Java/Flash/HTML5) you want to live with to use the interfaces, decide how important a scriptable API might be to you to mine vuln data. Also consider the OS's of your target environment. One scanner for instance deals with *nix OS's and authenticated scans thereof a lot more elegantly than another. I know which way I went and I've been rather happy. I don't at all regret the time taken to do a full technical shootout of both. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Best ROI Combination - Metasploit & Training, (continued)
- Re: Best ROI Combination - Metasploit & Training Larry Pesce (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 07)
- Re: Best ROI Combination - Metasploit & Training Michael Allen (Dec 08)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Josh More (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 12)
- Re: Best ROI Combination - Metasploit & Training Todd Haverkos (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 13)
- Re: Best ROI Combination - Metasploit & Training Ron Gula (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Albert R. Campa (Dec 14)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 10)
- Re: Best ROI Combination - Metasploit & Training Ryker Exum (Dec 11)
- Re: Best ROI Combination - Metasploit & Training Arch Angel (Dec 11)