Nessus vs McAfee Vulnerability Management

[choonkiat83 at gmail.com (Ng Choon Kiat)]

Not too relevant to your topic but an Interesting read comparing web-scan
tools.

Grey
On Thu, Mar 11, 2010 at 1:32 PM, Chris Merkel <cmerkel at gmail.com> wrote:

> Keep in mind that if you want to compare apples to apples, it should be
> Tenable Security Center vs. McAffee, assuming that you're in a large
> environment. Remediation workflow is important. If you're just a small group
> doing one-off scans, Nessus is ok.
>
> My recommendation, in addition to credentialed scans, is to look at
> "non-core" products, and see which one does a better job at detecting
> vulnerabilities - odds are that they're both going to detect missing patches
> to Windows and Linux distros.
>
> When I was doing an eval (didn't test McAffee) - I found that some other
> "magic quadrant" scanners couldn't find CVSS 10 vulnerabilities in things
> like vSphere, Tivoli products, IBM DB2, Trend Anti-Virus, IBM RSA/HP rILO
> cards, etc - obviously if you have a remote exploit in your backup agent,
> database, ILO or AV, that's really bad news.
>
> In addition, look to see who does a better job with auditing things like
> Oracle, SQL server, Exchange, Domino, etc.
>
> When it comes down to it, you have to have a solid, highly comprehensive
> test plan, putting the scanners against systems in your environment with
> known vulnerabilities.
>
> Hope that helps.
>
> (Full Disclosure: I'm a Tenable Security Center customer and recently did
> about 3 months of testing on various enterprise VA products. But don't take
> my word on it - every environment is different and each VA product has
> coverage strengths and weaknesses - don't just go with Nessus because it's
> what you know best - that's not a smart approach. )
>
> - Chris Merkel
>
>   On Wed, Mar 10, 2010 at 1:57 PM, subzer0girl <subzer0girl at gmail.com>wrote:
>
> >  I need a little help convincing the purchasing people that I need
> > Nessus.  They are suggesting McAfee Vulnerability Management is a viable
> > alternative.  I want to stick with Nessus since that is what I have
> > experience with.  I've googled for a comparison of the two products but
> > haven't found anything of value. Does anyone have experience with how the
> > two products compare ?
> >
> > Any help would be appreciated
> >
> > Sandy
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> - Chris Merkel
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100311/1ab01383/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Accuracy_and_Time_Costs_of_Web_App_Scanners.pdf
Type: application/pdf
Size: 653284 bytes
Desc: not available
Url : http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100311/1ab01383/attachment-0001.pdf