Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: vulnerability scanners
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 31 Aug 2010 13:11:55 -0500

Definitely put Nessus at the top of your list, largely due to their long
history. And everyone should have, at the least, passing familiarity with
it.

I second and third everyone who says to be sure and try it out for a while.
Vulnerability scanners that fairly accurately scan are the easy part. The
hidden "cost" of owning these scanners is the ongoing tuning and cleaning of
the reports/findings. Can you mark things permanently ignored/accepted so
you don't have to manage that same false positive every month? Or do you
have to jeopardize the integrity of your scanning by turning off
targets/checks? Can you group assets? Can you use a mini-ticketing system
inside the tool to remediate findings (and track them)? Can you live with
the reports or do they spit out 1,500 page reports that no one can manage?
Do they throw you Crystal Reports or other DIY/"customizable" reports that
take you 6 months to effectively learn how to use? And so on...

I'd suggest setting up a multi-system test lab with known vulns, run a scan
with all checks turned on, fix some of the vulns, run another scan, and see
how you can live with the results.

You could compare whatever you choose against other options like McAfee
Foundstone (stupidly rebranded as the amazingly original and easily
searchable "Vulnerability Manager") or TrustWave's offerings.

If you're selling the idea of investment into a vuln scanner, don't forget
about the operational cost of maintaining the targets list and managing the
results! I've really never seen a clean vulnerability scan of a system
(particularly Windows) that didn't have significant analyst investment to
keep it clean and explain away the false positives or accepted issues.



On Tue, Aug 31, 2010 at 11:02 AM, Andrew Anderson <andycapp92 () gmail com>wrote:

So I'm looking to justify the purchase of a vulnerability scanning product
and am looking for some objective opinions.

I am partial to Nessus, due in part to the fact that I have used it before
and it's price is really attractive.
I am looking at Core as well - trying to figure out which on of their
products lines up best with Nessus proffesional feed (for comparisons).

Can anyone point me to a decent third party comparison online?
Does anyone have any suggestions for a  third contender for my list?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault