Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Best ROI Combination - Metasploit & Training
From: "Albert R. Campa" <abcampa () gmail com>
Date: Fri, 14 Dec 2012 08:02:49 -0600

On the Qradar comments. I will say that in the Qradar console, there is a
capability to get vun data from stand alone Nessus and from Security Center.

I have not tried the stand alone Nessus capability, but I have tried the
Security Center capability. Early this year I had it working on SC 4.2 and
Qradar would bring the vuln data in fine. After 4.4 upgrade, it stopped
working. API changes I assume. So since then I have been hounding
Q1labs/IBM to fix it.

We are finally making progress as I have been working closely with Q1
support, so hopefully they have it working soon in the next few days.
Qradar basically logs into Security Center using the API and pulls down
vulnerability data for the IPs/subnets you request.




On Thu, Dec 13, 2012 at 6:42 PM, Arch Angel <arch3angel () gmail com> wrote:

I have on my calendar to contact tenable regarding the other software in
hopes to fill this gap, and has been for a few days.  I'm looking to work
on a whole new direction with the infrastructure design after some
consideration.  I believe that if the design is tweaked a bit I will not
only get a super easy growth potential but also a much more cost effective
solution.  This solution may not be in the favor of NexPose, but may work
well with Security Center/Nessus or nCircle.

The requirement for Q1 Labs, QRadar product is because the global
headquarters has already made steps to purchase this solution and
negotiated global pricing, which honestly is fine with me.  They would not
have been my first choice, but in that same breath are not a bad solution.
 In the "Supported Products" document Nessus is not a supported
Vulnerability Management solution, but Tenable Security Center is
supported.  I believe they are doing this by feeding Security Center the
Nessus data and then pulling this data from Security Center into QRadar.
 So ultimately it is supported and is not an issue as of now.  I just
needed to be cautious of this as a minor mistake now could potentially turn
into a very costly and timely mistake by the end of 2013.

One thing that has been bothering me for the last few days has been the
way NexPose handled credential scanning of *nix* systems.  I do not feel a
warm and fuzzy in my tummy about root being used like this.  Not saying
good or bad from a security stand point we all know allowing root direct
login is well..... "less than ideal", but more so the maturity of a product
which still has such a feature.  Again it boils down to a warm and fuzzy,
and I'm just not feeling that one.

I am on absolutely no timeline to complete this!  I have no intentions of
rushing into a solution just because the "end of year sales price is
expiring", this tactic actually tends to push me away.  Whether that is
corporate environment or my personal collection of pauldotcom bobble head
dolls :-) I'm just not a person who runs for the discount, the discount may
not always be a true cost reduction over the long haul.  I mean seriously,
my Larry Bobble Head broke 30 minutes after opening it.  Although I was
trying to find the RFID tag, but I digress..

I appreciate the feedback, it's really good to bounce ideas off others in
the community and get the good/bad of others experiences with products.

P.s. There never was any Pauldotcom booble head dolls for the trolls who
are already emailing Paul asking how to get them. However, there is
pictures of Larry being "searched" for the RFID tag by TSA.  Open Google
and do an image search for Larry's alias "John Strand" and it will show
still shows of where he placed the RFID tag.


--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel

On 12/13/12 2:23 PM, Todd Haverkos wrote:

Arch Angel <arch3angel () gmail com> writes:

Honestly Albert, I can't say that I have a legitment "reason" per say.  I
have found, in my experience, to get the full benefit of Nessus you
really
need Security Center and the other products, but in general that's not a
real reason, just a personal opinion.  I have just seen NexPose as a
better
product over all, in look, feel, and acurancy.  However, again this is
just
my opinion I really don't have a reason outside personal preference I
guess.

I'm not opposed to diving deeper into Nessus and learning the advanatges
or
capabilities though.

Robert,

I would encourage shooting out Nexpose and Security Center side by
side with an evaluation that gets sales engineers involved and get a
quote early on for what you need.

It's a fair point that Nexpose does more for an enterprise than Nessus
alone does.  Nessus is definitely a vulnerability scanner, but it it
not alone an enterprise-centric vulnerability management and reporting
system.  Security Center fills that role, as you hint.

Nexpose and Security Center side by side is the apples to apples
comparison.

Cost as of 2 years ago was within the same ballpark and was sized per
IP's.  If you need or want additional scan zones/scanners for a
segmented network, one vendor hits you additional for those, another
vendor doesn't.

Get SE's from both companies involved.  Pay attention to memory needed
and how fast similar breadth and depth scans come back, if
virtualization is important to you, see how each performs in that
environment.  Test the support channels.  Weigh which evil
(Java/Flash/HTML5) you want to live with to use the interfaces, decide
how important a scriptable API might be to you to mine vuln data.
Also consider the OS's of your target environment.   One scanner for
instance deals with *nix OS's and authenticated scans thereof a lot
more elegantly than another.

I know which way I went and I've been rather happy.   I don't at all
regret the time taken to do a full technical shootout of both.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
______________________________**_________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
Main Web Site: http://pauldotcom.com

 ______________________________**_________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]