PaulDotCom mailing list archives
Re: vulnerability scanners
From: Francois Lachance <digitallachance () gmail com>
Date: Wed, 1 Sep 2010 20:42:21 -0600
Forrester recently published a research paper titled "The Forrester Wave™: Vulnerability Management, Q2 2010" ( http://www.forrester.com/rb/Research/wave%26trade%3B_vulnerability_management%2C_q2_2010/q/id/56932/t/2). It costs $1,740 USD to purchase that report (ouch!). I am fortunate enough to work for a corporation that has a membership with Forrester. Take a look at the executive summary to give you an idea of which vendors they ranked. You can see a research paper from Gartner (MarketScope for Vulnerability Assessment) at http://www.gartner.com/technology/media-products/reprints/qualys/article1/article1.html . You never mentioned what kind of budget you have to do that purchase. Nessus is a great tool (I currently use it). If all you care is to scan, fix and move on, that will be the least expensive commercial product you can find because everyone else charges by the number of IP addresses you are scanning. Nessus just charges for a yearly subscription with no limitation on how many IP you scan. If you have a more complex environment, you'll want to move from just vulnerability scanning to vulnerability management instead. Nessus alone doesn't cut it. You really need a database to store your scan results so that you can generate reports in many different ways. With Nessus, I end up with a bunch of HTML report files generated based on templates available in Nessus. We are now looking at maturing our vulnerability assessment capabilities. I figure that using one of those commercial tools like the ones from Rapid-7, Qualys or Tenable, it will cost anywhere between $30-50K to purchase for around 2000 IPs. This might also be interesting read, to educate yourself: The Essential Guide to Vulnerability Scanning - http://www.itsecurity.com/features/essential-guide-vulnerability-scanning-060508/ Good luck! On Tue, Aug 31, 2010 at 11:29 AM, Albert R. Campa <abcampa () gmail com> wrote:
This is true. When you said Core, i thought, do they have a vuln scanner? I installed Nessus home and Nexpose community on BT4 and did some scanning and comparison. I havent had time to put everything together, but as someone stated it would be good to test them out. __________________________________ Albert R. Campa On Tue, Aug 31, 2010 at 12:10 PM, Paul Asadoorian <paul () pauldotcom com>wrote:Hi Andrew, I wasn't sure from your email if you were comparing penetration testing frameworks to vulnerability scanners, but they should be thought of, and treated as, separate products. In short: a vulnerability scanner is going to give you a comprehensive view of your vulnerabilities. An exploit framework is going to give you more depth and intrusiveness into the vulnerabilities that exist. My other suggestion is that when you compare vulnerability scanners, don't use the default settings to compare. Take the time to test each one against a test environment and tune the scanner accordingly. Also, your targets should be real, and you should have a pretty good idea the vulnerabilities that exist before you start running scans. There is a lot more to take into consideration, feel free to ping me with specific questions. Hope that helps! Cheers, Paul On 8/31/10 12:02 PM, Andrew Anderson wrote:So I'm looking to justify the purchase of a vulnerability scanning product and am looking for some objective opinions. I am partial to Nessus, due in part to the fact that I have used it before and it's price is really attractive. I am looking at Core as well - trying to figure out which on of their products lines up best with Nessus proffesional feed (for comparisons). Can anyone point me to a decent third party comparison online? Does anyone have any suggestions for a third contender for my list? _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552 Fax: 1.877.846.2187 _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- vulnerability scanners Andrew Anderson (Aug 31)
- Re: vulnerability scanners Butturini, Russell (Aug 31)
- Re: vulnerability scanners Michael Douglas (Aug 31)
- Re: vulnerability scanners Paul Asadoorian (Aug 31)
- Re: vulnerability scanners Daniel (Aug 31)
- Re: vulnerability scanners Albert R. Campa (Aug 31)
- Re: vulnerability scanners Francois Lachance (Sep 02)
- Re: vulnerability scanners Michael Dickey (Aug 31)
- <Possible follow-ups>
- Re: Vulnerability Scanners Herndon Elliott (Sep 01)
- Re: Vulnerability Scanners Albert R. Campa (Sep 01)
- Re: vulnerability scanners Butturini, Russell (Aug 31)