RE: Why eEye Retina (was MBSA scanner)

[Román Ramírez <rramirez () chasethesun es>]

Hello,

About Retina I must say that is one of the best audit tools I have
used... 

False positives are AND WILL BE in the market and in every security
tool, and Languard is not the best example about not-having false
positives (in my experiencie every network device I test has SNMP public
community as GFI shows :) )

I don't know if you are a final customer or a consultant, but one of the
auditor's tasks is to verify vulnerabilities and remove false positives
(and try to get more info about false negatives).


I know a lot about Netrecon, about the (deceased) cybercop, nessus and
newt, sara, saint, and for my experience I will take Retina and Nessus
without any doubt, efficience and productivity.

About your comments about the company, well, they are one of the best
security companies (for my experience @stake, eeye, bindview) and they
have a BIG customer support department, and of course, check if Nessus
has the same "customer support" (mailing lists that of course you can
find in eEye Web site too).

I have a deep experience with eEye in big projects and I know some
customers that are very happy with their tools (my own company in top of
the list).

Hope this helps

--
Roman Ramirez
Director General
Chase The Sun

+34 609 490 156
mailto:rramirez () chasethesun es
http://www.chasethesun.es 

> -----Mensaje original-----
> De: clarke-cummings () columbus rr com 
> [mailto:clarke-cummings () columbus rr com] 
> Enviado el: martes, 20 de abril de 2004 16:37
> Para: pen-test () securityfocus com
> Asunto: Why eEye Retina (was MBSA scanner)
>
>
> Hello Everyone,
>
> We recently began evaluating eEye's Retina product for our 
> vulnerability assessment tool.  We have found the results to 
> be very inconsistent, showing us vulnerable to issues that 
> have been patched.  We've verified the patches manually, with 
> MBSA, HFNETCHK, and LanGuard.  eEye didn't have a good answer 
> as to why the results were so inconsistent.  Any guesses?
>
> Also, how is their support response for those that are 
> customers?  As a trial customer they aren't a very impressive 
> organization.
>
> Thanks in advance for the help.
>
> Cheers,
> Clarke
>
> --------------------------------------------------------------------
> mail2web - Check your email from the web at http://mail2web.com/ .
>
>
>
> --------------------------------------------------------------
> ----------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and 
> get $545 off any course! All of our class sizes are 
> guaranteed to be 10 students or less to facilitate one-on-one 
> interaction with one of our expert instructors. Attend a 
> course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art 
> hacking lab. Master the skills of an Ethical Hacker to better 
> assess the security of your organization. Visit us at: 
> http://www.infosecinstitute.com/courses/ethical>
_hacking_training.html
> --------------------------------------------------------------
> -----------------


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------