Penetration Testing mailing list archives

Re: [PEN-TEST] Security Scanner (Commercial vs Freeware)


From: Steve <steve () SECURESOLUTIONS ORG>
Date: Tue, 24 Oct 2000 12:49:04 -0600

In my past jobs, I had written some product reviews on different scanners
(http://www.ntsecurity.net/Articles/Index.cfm?StartRow=21&MaxRows=20&Total=39&AuthorID=1022).
I have looked at most of the commercial ones and a couple of the freeware ones.

In my opinion, the freeware/OPEN SOURCE ones (don't know if there are any free
closed source scanners out there, but I would stay away from them....) are
great, provided you have the staff and expertise to modify and constantly
update the products.

If you want a product that you don't have to worry about updating and
modifying, the commercial scanners are best.  These days, when looking at
buying a scanner you have to look at who is supporting the product and who
is updating it.  Sure there are a lot of scanners out there that claim to
scan for a lot of vulnerabilities.  But you have to ask yourself if you are
able to trust and rely on the security team that is providing the
information and updates to the product.  It is more than the
vulnerability/check count as each vendor counts checks differently than the
other.

My other issue with commercial scanner products is that most of them market
themselves as "so easy that you don't need to be a security expert to run".
This is a little misleading, sure you may not need to be a complete expert,
but you are still going to have to be able to understand the information
presented to you and understand how to address the problems.

Information Security Magazine, I don't know the URL so sorry, also did some
complete reviews of security scanners and more importantly, the security
teams behind the scanners.

No matter what scanner product you use you will not capture 100% of the
vulnerabilities nor will you ever secure a box 100%, but you will end up
with a product that automates a lot of tasks and gives you some nice
reporting.

Just my $.02.


Hi everyone.  I was wondering if anyone would mind comparing and contrasting
for me the benefits / liabilities of using a commercial product (such as
Cybercop, ISS, or Retina) vs. something freeware like Nessus.  If you know
of any other commercial or freeware scanners please feel free to include
them in the comparison.

------------------------------------------------------------------------

Steve Manzuik                                   Calgary, Alberta, Canada
Moderator - Win2K Security Advice               (403)660-2997

Security Analyst - Bindview RAZOR Team
smanzuik () razor bindview com
http://razor.bindview.com

* - The opinions expressed in this email are mine, and mine alone.  They - *
* - do not reflect those of my employer or anyone else for that matter.  - *

------------------------------------------------------------------------
