Re: Re: Vulnerability Assessment

[mkburns () gmail com]

Personally I have issues with the Qualys solution as it requires that your vulnerability information be stored offsite 
at Qualys. Which even if your happy someone else having access to this information, what happend if your Internet 
connectivity is bought down during an attack?

In regards to Foundstone, as a scanner it is fine, however from a scalability point of view it is not very flexible, 
with each scanner requiring a full copy of Windows 2003 Server, IIS and SQL - if you deploy multiple scanners and want 
to centrally collate your results then you need to use and export/import utility. 

If you purely want a scanner stick with Nessus.

If you want a vulnerability management system, whereby you can centrally collate you results, track the remediation of 
vulnerabilities, fine grain reporting and the flexibility to install the scanner on Windows platform then I would 
recommend eEye Retina and REM Console.