Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Vulnerability Scanner Recommendations
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Thu, 15 Nov 2012 12:27:07 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Nov 15, 2012 at 11:21:54AM -0500, Greg Schmalhofer wrote:
 
   Can anyone recommend a particular vulnerability scanner software, product,
   appliance, or service that you are using at your campus? This is a need at
   our campus and I am trying to review the different options available for a
   small campus. Thanks for any help, insight, or feedback you can provide.

If you're looking for something to raise general awareness or you need
something low-cost to justify one of the more expensive solutions,
OpenVAS is a fork of Nessus 2.2. Nessus has a significantly larger
vulnerability base and significant speed/threading improvements but for
a smaller campus, limited budgets or as a proof-of-necessity, OpenVAS is
a solid product. I vaguely remember it taking about twenty or thirty minutes to
stand up an Ubuntu Server VM with OpenVAS ready to go. Yes, I use it
regularly for scanning inside my department.

Nessus is the gold standard in this space. It's a solid product and yes,
we're customers.

Nexpose from Rapid7 is solid but pricey. The generic reports are nearly
identical to what you get from Nessus and OpenVAS but their remediation
and custom reports are great, plus you get a product that can intimately
interact with Metasploit (now a Rapid7 product as well). Call them,
schedule a demo, it's very cool. We're not customers but I still
appreciate what I've seen of it via friends in the VA/PT space and other
institutions.

AlienVault ships with OpenVAS (you can replace it with Nessus) and
provides Snort and OSSEC, as well as some decent log aggregation/search
(I prefer ELSA for logs but I digress...). They have an upgrade route
from their free product (OSSIM) to their proprietary product and offer a
28-day evaluation of their "Unified Security Management" appliance. I
had some issues with OSSIM in a virtual environment but that was a
couple of years ago and they've made huge strides. I'm hoping to get one
of the USMs on campus in the near future.

Good luck!

kmw

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlClJeoACgkQsKMTOtQ3fKGi8wCfRKSqrIuwzTyKPWZ2kXSQRz4Q
V50AoKuifVKBfnAMaF4d2s1pDLf0B35K
=yyqH
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault