Re: Distributed Vulnerability Scanners

[Michael Murray <mmurray () ncircle com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Talisker,

As far as distributed vulnerability scanners go, I have to throw in a couple
of points.  One person already mentioned nCircle (which is where I work):
we're a totally distributed solution (multiple lightweight appliance-based 
scanners reporting to a central console that stores all the data for all of 
the appliances).  As well, I'd say that our vulnerability coverage and 
accuracy is among the best out there.  Of course, I may have a bit of a 
bias... ;)

Note that I wouldn't put Nessus in the truly "distributed" model.  In my
experience, though it uses a client-server model, it really doesn't have a
good way to control multiple scanner instances from a single point.  (IIRC,
Tenable's solution is an attempt to put some sort of way to do that on top of
nessus).  As well, I have heard that Foundstone's Foundscan product suffers
from a similar limitation, but I haven't validated that firsthand.

In all seriousness, and bias aside, due to the fact that you can truly 
distribute scanners throughout the network (regardless of where your data 
store and reporting interface is) I'd put nCircle's stuff at the top in
terms of true distributed scanning...

M


On Wednesday 05 March 2003 2:56 pm, Talisker wrote:
> Hi
> I'm looking for vulnerability scanners that will do their business
> remotely, especially useful for distributed networks with low bandwidth or
> managed services.
>
> I only know of 3:
> Lightning Proxy
> http://www.tenablesecurity.com/proxy.html
>
> Nessus
> http://www.nessus.org/features.html
>
> Retina
> http://www.eeye.com/html/Products/Retina/index.html
>
> Does anyone know of any more, I would suggest that this excludes web based
> scanners like shieldsup etc as they don't resolve the bandwidth issue, was
> the problem with shieldsup (demonstrated at BlackHat Europe 2001) ever
> resolved whereby you could use it to scan anyone you wished??
>
> Anyway the list when completed will appear here, though it's not on the
> site navigation yet.
> http://www.networkintrusion.co.uk/dist.htm
>
> Sorry about the amount of posts of late but I have been on vacation and
> therefore have time to read my email.
>
> take care
> -andy
> Taliskers Network Security Tools
> http://www.networkintrusion.co.uk
>
>
> ---------------------------------------------------------------------------
> -
>
> Are your vulnerability scans producing just another report?
> Manage the entire remediation process with StillSecure VAM's
> Vulnerability Repair Workflow.
> Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html

- -- 
- -----------------------------------------------------
| Michael Murray, CISSP          <mmurray () nCircle com>
| Manager, Exposure Research and Ontology
| nCircle Network Security                415-625-5968
| cell - 415.297.3576
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+aPNTUsC8b1YJAp8RAgyLAJoCshqoOK7FX3a1lI3/O6uUPHeB8ACffy77
rZQahtmORPk8PrIqIlibZdQ=
=dLn6
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html