Security Basics mailing list archives
Re: Need Vulnerability Management Tool Review
From: Bryan <brakeb () gmail com>
Date: Thu, 11 Oct 2012 08:24:53 -0500
We use Critical Watch at our office. During our last quarterly PCI scan (~3 weeks ago), the QSA used Rapid7's tool, Nexpose. Between the two outputs, we found that approximately 36% of the scan results in Nexpose did not show up in our CW scan, an additional 24% showed up in our CW scan that did not show up in the Nexpose scan, and the reports agreed on the remainder. This was with a total of around 300 vulnerabilities.

We are not running credentialed scans, so the Apache and OpenSSL vulns found are largely false positives. We run RHEL5 and 6, so the scans appear to look at just the $version and not $version-$release, so 'httpd-2.2.3-63.el5_8.1.x86_64.rpm' is seen by CW and apparently Nexpose as '2.2.3'.

We are currently talking to CW about both the version issue and the fact they missed a ton of CVEs. We have also asked the QSA to talk to Rapid7 as well.

This is just something to think about when getting one of these tools. You may not be seeing the whole picture.

On Thu, Oct 11, 2012 at 5:31 AM, neo anderson <amol.netsec () gmail com> wrote:
Shiva,

Not sure if you have heard about CriticalWatch.
http://www.criticalwatch.com/solutions/vulnerability-management/

Based on personal opinion, here are the ratings out of 5.

• Features *** 1/2
• Ease of Use ****
• Performance ****
• Documentation ***
• Support *****
• Value for Money *****
• Effectiveness in Finding Vulnerabilities ***

Cheers.

On Wed, Oct 10, 2012 at 9:09 AM, <shivaone () gmail com> wrote:

Hi Team,

We are evaluating vulnerability management tools. I need your help to review or rate these tools on the basis of the points listed below, or any others. If you have any tool recommendation, it's most acceptable.

The tools are: NeXpose, NESSUS, Retina, GFI LanGuard

• Features
• Ease of Use
• Performance
• Documentation
• Support
• Value for Money
• Effectiveness in Finding Vulnerabilities
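Added example (not part of the thread, and not code from either scanner vendor): a minimal Python sketch of why matching on `$version` alone misjudges a backported RHEL package, using the `httpd-2.2.3-63.el5_8.1.x86_64.rpm` filename quoted in the message. The upstream and vendor "fixed-in" values are constructed placeholders, the comparison is a simplified form of RPM's version ordering (no epoch, `~` or `^` handling), and all function names are hypothetical.

```python
import re

def parse_nvra(filename):
    """Split 'name-version-release.arch.rpm' into (name, version, release, arch)."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    base, arch = base.rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    return name, version, release, arch

def rpmvercmp(a, b):
    """Simplified RPM-style ordering: compare runs of digits or letters.
    Returns -1, 0 or 1. Separators such as '.' and '_' are ignored."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts as newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def version_only_vulnerable(version, upstream_fixed):
    """What an uncredentialed, banner-style check concludes."""
    return rpmvercmp(version, upstream_fixed) < 0

def release_aware_vulnerable(version, release, vendor_fixed):
    """Compare the full version-release against the vendor's fixed build."""
    fixed_version, fixed_release = vendor_fixed
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order < 0

def evaluate(filename, upstream_fixed, vendor_fixed):
    """Return both verdicts so a finding can be triaged as a likely false positive."""
    _, version, release, _ = parse_nvra(filename)
    return {
        "version_only": version_only_vulnerable(version, upstream_fixed),
        "release_aware": release_aware_vulnerable(version, release, vendor_fixed),
    }

# Constructed advisory data for illustration only (not a real CVE record):
# upstream fixed the issue in 2.2.15; the vendor backported it to 2.2.3-60.el5.
SAMPLE = evaluate("httpd-2.2.3-63.el5_8.1.x86_64.rpm", "2.2.15", ("2.2.3", "60.el5"))

if __name__ == "__main__":
    print(SAMPLE)
```

A finding where `version_only` is true and `release_aware` is false is a candidate false positive to confirm against the vendor's errata, which needs the full package string from a credentialed scan or `rpm -q` output.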
Current thread:
- Need Vulnerability Management Tool Review shivaone (Oct 10)
- Re: Need Vulnerability Management Tool Review Adam Pal (Oct 10)
- RE: Need Vulnerability Management Tool Review Dave Kleiman (Oct 10)
- RE: Need Vulnerability Management Tool Review Ulm, Matt (Oct 10)
- RE: Need Vulnerability Management Tool Review Chris Garlington (Oct 10)
- Re: Need Vulnerability Management Tool Review gold flake (Oct 11)
- Re: Need Vulnerability Management Tool Review neo anderson (Oct 11)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 11)
- Re: Need Vulnerability Management Tool Review Metahuman (Oct 11)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 11)
- <Possible follow-ups>
- Re: Need Vulnerability Management Tool Review Vijay (Oct 10)
- Re: Re: Need Vulnerability Management Tool Review Julian . chec (Oct 11)
- Re: Need Vulnerability Management Tool Review nekron 99 (Oct 12)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 12)
- Re: Need Vulnerability Management Tool Review nekron 99 (Oct 12)
- Re: Need Vulnerability Management Tool Review nekron 99 (Oct 14)
- Re: Need Vulnerability Management Tool Review Bryan (Oct 12)
- Re: Need Vulnerability Management Tool Review Adam Pal (Oct 10)